C28 : Risk measurement and reporting Flashcards
State two key features to be assessed for each risk event
For all risk events there are two key features to be assessed:
1. the probability of the event occurring
2. the expected loss if the event occurs.
ie frequency and severity of the risk
Describe how the risk identification brainstorming techniques can be extended in order to assess each risk.
- Estimate probability and cost or impact of each risk event
- Use 5 or 3-point scale, 5 = high, 4 = medium-high, 3 = medium, 2 = medium-low, 1 = low.
- The product of the probability assessment and the impact assessment gives a scale of 1 to 25 (or 1 to 9 for the three-point scale) as an assessment of the risk. This risk-scoring approach provides a method for ranking risk events.
- The assessment would be carried out with and without possible risk controls, to generate a figure for the effectiveness of proposed controls. This will enable the efficiency of risk controls to be assessed against their cost.
Describe how a mathematical model can be used to assess risk
- assign a distribution to the probability of the risk event occurring, and also to the loss if the event occurs.
- Choose type of model stochastic v deterministic
e.g. 25% fall in equity price over a year,
Suggest features of a risk that would make it more appropriate to model using a stochastic rather than a deterministic approach.
- has a high score (high severity and/or frequency) and therefore is a high priority to assess carefully
- has a high variability of possible outcomes
- has a lot of experience data on which to base the probability distributions
- relates to financial guarantees or options
- involves the mismatching of assets and liabilities.
Which type of risk is most difficult to quantify?
Operational risk is one of the most difficult to quantify.
- So many operational risk that to quantify each would be impractical
- Events are rare and often independent each would have little impact on the aggregate risk exposure of the firm.
- Some may have low severity
Describe the approaches used to assess operations risk
- add a percentage uplift to the total aggregated risks other than operational risks.
- scenario analysis : dividing the possible operational risks into perhaps 10 – 15 categories and, for each category, assessing the cost of a plausible adverse scenario
Give examples of categories of scenario testing of operational risk
For example, the categories might include:
fraud
loss of key personnel
mis-selling of financial products
calculation error in the computer system
loss of business premises
loss of company e-mail access for 72 hours.
Describe when scenario analysis might be used to evaluate risks
- ## useful where it is difficult to fit full probability distributions to risk events
Describe the steps involved in performing a scenario analysis of risks
- Groupe Risk exposures into broad categories, eg
financial fraud, systems errors. This step is likely to
involve input from a wide range of senior individuals in the organisation. - For each group of risks, a plausible adverse scenario is developed. The scenario is deemed to be representative of all risks in the group.
- Translate each scenario into assumptions for the various risk factors in the model. The consequences of the risk event occurring are then calculated. The financial consequences include redress paid to those affected, the cost of correcting systems and records, regulatory fees and fines, opportunity costs while any changes are made, etc. In practice the mid-point of a range of possible values is usually taken.
- The total costs calculated are taken as the financial cost of all risks represented by the chosen scenario.
One drawback to scenario analysis
One drawback to scenario analysis is that it quantifies the severity of the scenario but not the probability of it occurring.
Organisations often use their capital models to determine the probability of a particular scenario occurring.
Describe the use of stress testing to evaluate risks
Stress testing to evaluate market risks
- Stress testing involves subjecting a portfolio to extreme market movements by radically changing underlying portfolio assumptions and characteristics.
For example, change correlations between asset classes and volatilities of asset classes.
Two types of test are designed to:
- Identify ‘weak areas’ in the portfolio and investigate the effects of localised stress situations by looking at the effect of different combinations and volatilities
- Gauge the impact of major market turmoil affecting all model parameters while ensuring consistency between correlations while they are stressed.
Combining stress and scenario testing
- The principle of stress testing can be coupled with scenario testing to determine a stress scenario.
- decisions need to be made as to how other aspects of the business will react if a stress event occurs.
Six factors that a sustained reduction in market values will affect for a provider of unit linked investment bonds
For a provider of unit-linked investment bonds, a sustained reduction in market values will affect:
income received from fund management charges
persistency of existing investment bonds
new business volumes
the provider’s regulatory capital requirements
the value of the shareholders’ interests
the probability of any guarantees biting.
All these factors need to be built into the model.
Outline the main focus in constructing suitable stress scenarios
- The scenarios should be tailored to reveal weaknesses in terms of risk exposure and sensitivity,
- focus on the risk factors to which the business is most
exposed.
Describe reverse stress testing
- construction of a severe stress scenario that just allows the firm to be able to continue to operate its business plan.
- Business plan failure needs to be determined by the firm and needs to consider both the short-term and the long-term plan eg
1. insufficient capital to meet statutory requirements,
2. to cover its minimum risk appetite
3. non-financial external event that causes the firm to cease having access to its major market
Describe the use of stochastic models to evaluate risks
- Variables that give rise to the risk are treated as random variables with probability distributions
- Model must be dynamic, with full interactions / correlations between variables
- Model can be run to determine the amount of capital that it needed to avoid ruin with a given probability
Three approaches to limit the ideal scope of the stochastic model to make it more practical
Making a stochastic model more practical to run
1. Restrict time horizon of model projects, e.g. to two years if the risk criterion is express as a one-year probability
2. Limit the number of variables that are modelled stochastically and model the other variables deterministically with scenario testing
3. Carry out a number of runs each with a single stochastic variables, followed by a single deterministic run using all the worst case scenarios together
Explain what is meant by the the capital requirement for a ‘1 in 200-year event’, and how that phrase can be misleading
- In many regulatory regimes for financial product providers, the capital requirement is set in respect of an event occurring within 12 months with a probability 0.5%.
- This is frequently called the capital requirement for a ‘1 in 200-year event’.
- This phrase can be misleading to non-experts, as it implies that if an event has just occurred, it will be another 200 years before they need to worry about the next one.
- In practice, rare events, such as stock market crashes and extreme weather events, appear to be happening more frequently than the assumed probability indicates.
Describe how stochastic modelling can be used to determine aggregate capital requirements for a firm for all risks to which it is exposed
Stochastic modelling
+ provides a complete distribution of outcomes to calculate capital required at a pre-determined probability level.
+ allows for correlations between risk events under each simulation.
- the time taken to run a single scenario for the whole firm can be long,
- impractical to run the very large numbers of scenarios required to produce credible results allowing for all risks stochastically.
Numerical aggregation of risks is a practical simplification often used to aggregate the capital requirement to cover a risk at a pre-determined probability level.
Propose 5 likely correlations between risks.
Propose 5 likely correlations between risks.
- Inflation risk is heavily correlated with expense risk for most long-term financial products.
- Traditionally equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious.
- Falling equity markets are likely to be correlated with increasing lapse rates on unit-linked savings products.
- Operational risk is likely to be weakly correlated with all other risks, because if management are concentrating on some other issue they may not be concentrating on routine operational matters.
- In life insurance the longevity risk on an annuity book is strongly negatively correlated with mortality risk on a term assurance book (not perfect negative correlation because the typical ages are different). An annuity writer can reduce its capital requirements for mortality / longevity by writing term assurances.
What is the most common way of measuring liability risks?
The most common way of measuring liability risks:
Analysis of experience – in other words, the ratio of the actual occurrences of an event to the occurrences expected when the
risk was accepted.
Describe Value at Risk (VaR) as a statistical measure of downside risk
VaR
- generalises the likelihood of underperforming by providing a statistical measure of downside risk.
- VaR represents the maximum potential loss on a portfolio over a
given future period with a given degree of confidence. E.g. A 99% one-day VaR is the maximum loss on a portfolio over a one-day period with 99% confidence,
- VaR can be measured either in absolute terms or relative to a
benchmark e.g. underperformance relative to an index
Drawbacks of Var
Drawbacks of VaR
- Often calculated assuming a normal distribution of returns, not necessarily true in practice (e.g. portfolios exposed to credit risk, systemic bias or derivatives exhibit non normal distributions)
- Can be calculated using a different distribution but data is often sparse and it is difficult to fit an accurate distribution
- Only looks at past events of future events based on data from past events
- Does not allow the user to investigate specific extreme market events or combinations of events that may result in a loss
Describe the use of risk portfolio or risk register.
- The risk portfolio categorises the various risks to which the business is
exposed. - Against each risk would be recorded a quantification of: impact & probability
- The product of the impact and the probability measures gives an idea of the relative importance of the various risks. (3 or 5 point scale)
The risk portfolio can then be extended to indicate how the risk has been dealt with. For example:
1. avoided
2. retained (and how much capital is needed to support it)
3. diversified (and a revised assessment of the remaining combination of risks)
4. mitigated (and a revised assessment of the remaining risk)
– by other internal actions
– by transfer to another party (fully or partially).
