Ch 29: Risk measurement and reporting

Question 1

Subjective Assessment of risk

4

Answer 1

• Extend Risk identification process to estimate frequency and severity
• The probability and severity of each risk event are both estimated (separately) using a simple point scale. eg 1-25
• The product of the probability and severity assessments gives a score on a scale. This provides an assessment of each risk event and allows them to be ranked and prioritized.
• The assessment would be carried out with and without possible risk controls.

Question 2

Outline how a model could be used to assess a risk

4

Answer 2

• Distributions need to be assigned to both the probability and severity of the risk event (unless the latter is a fixed amount rather than a RV, such as for a without profit term assurance policy).
• To quantify the risk simply, the company could define an event and then use historical data to determine a probability distribution for that event. Alternatively, the frequency of the event could be defined and this could be used to determine the loss parameter.
• A decision needs to be made as to whether a STOCHASTIC or DETERMINISTIC model is appropriate.
• The availability of data to parameterize the model may influence the decision as to which model (if any) is used. This is particularly important when considering RARE EVENTS.

Question 3

Assessment of operational risk

2

Answer 3

• Difficult to quantify as many events are rare and independent

Usually use Broad Brush approach:
* No detailed analysis - use a % of average income
* Solvency 2 has a standard formula based on premiums and reserves

Question 4

Outline 4 steps that should be involved in a scenario analysis to evaluate operational risk

Answer 4

1. Group risks into broad categories. This should involve input from a wider range of senior individuals in the organization.
2. Develop a plausible adverse scenario of risk events for each group of risks, which is REPRESENTATIVE of ALL the risks in the group.
3. Calculate the consequences/costs of the risk event occurring for each scenario, again involving senior staff.
4. Calculate the total costs of all risks represented by the scenario.

Question 5

Suggest 6 categories into which operational risks might be divided for the purpose of scenario analysis

Answer 5

1. Fraud
2. Loss of key personnel
3. Mis-selling of financial products
4. Calculation error in the computer system
5. Loss of business premises
6. Loss of company e-mail access

Question 6

State 5 ways of evaluating risks

Answer 6

1. Scenario analysis
2. Stress testing
3. Combined stress and scenario testing
4. Reverse stress testing
5. Stochastic modelling

Question 7

Scenario analysis

2,4,1

Answer 7

• Assess the financial impact of a plausible set of adverse events
• Used when distribution cannot be fit to the event, too many subjective parameters

Steps:
1. Group Risk exposures
2. Develop plausible adverse scenario
3. Set assumptions for model using the scenario and calculate cost of consequences for each group
4. Calculate total cost across all groups

• Limited to quantifying severity and not frequency and a stoch model must be used for probability.

Question 8

Stress testing?

3

Answer 8

• Projection of financial conditions under specific adverse events over time.
• Deterministic modle used to model extreme market movements (extreme assumptions used)
• In relation to market risk it involves subjecting a portfolio to extreme market movements by radically changing the underlying assumptions and characteristics - including changing asset class correlations and volatilities, which are often observed to increase during extreme market events.

Question 9

Outline two types of stress test

2

Answer 9

Two types of tests are designed to:
1. Identify ‘weak areas’ in the portfolio and investigate the effects of localized stress situations by looking at the effect of different combinations of correlations and volatiltiies.

2. Gauge the impact of major market turmoil affecting all model parameters while ensuring consistency between correlations while they are stressed.

Question 10

Explain what is meant by reverse stress testing

4

Answer 10

• Severe stress scenario that just allows company to continue operations as required by regulation (eg Low SCR).
• Aim is to identify the scenario which would just be enough to continue operations
• The scenario might be financial or non-financial
• Although it might be an extreme scenario, it must be PLAUSIBLE!!!

Question 11

Describe how a stochastic model could be used to evaluate a particular risk

4

Answer 11

• The variables that gives rise to the risk are treated as RVs with probability distributions.
• The model must be DYNAMIC, with full interactions/correlations between variables.
• The model can be run to determine the amount of capital that is needs to (just) void ruin with a given probability
• Long run time. Limit scope of model/ # stochastic variables

Question 12

Outline 3 approaches to limiting the ideal scope of a stochastic model in order to make the model more practical

Answer 12

1. Restrict the time horizon that the model projects
2. Limit the number of variables that are modelled stochastically and model the other variables deterministically with scenario testing.
3. Carry out a number of runs each with a different single stochastic variable, followed by a single deterministic run using all the worst case scenarios together.

Question 13

Capital Requirements

3

Answer 13

• Regulatory capital requirements are set in respect of a 1 in 200 year event ocurring within 12 months
• Effect of multiple risks may be less than the individual sum fo risks due to diversification/neg corr
• Stoch modelling used to determine capital req for all risks and provides a dbn so RC can be calc @prob level

Question 14

How does correlation between risks affect RC?

3

Answer 14

1. Risks are fully dependent: The overall capital requirement is the sum of the individual capital requirement corr = 1
2. Risks are independent: uncorrelated risks so RC is less than the sum of individual risks RC corr=0
3. Risks are partially dependent: Positive/ negative correction so RC is less than indiv sum, Lower correlation higher diversification benefit and lower the RC

Question 15

List 3 methods of aggregating partially dependent risks

Answer 15

1.Stochastic model :
* Output a dbn that can be used

2.Correlation matrix:
* Directly aggregate across individual risk factors
* Specifiy corr bet risk factors to account for diversification and use sqrt(sum(cij) (ri) (rj))

3.Copulas:
* Have info of indiv risks on isolation (approx dbn)
* Use copula to calc joint prob of risk

Question 16

Explain the deterministic Notional approach to risk measurement

3

Answer 16

1. Notional Approach
   * Broad Brush risk measure
   * +: simple to implement and interpret
   * -: uses catch all weight for undefined classes
   Distortion caused by increased demand of asset with high weight
   No allowance for concentation risk
   Prob of changes to assets/ laib not quantified

Question 17

Explain the deterministic Factor Sensitivity approach to risk measurement

3

Answer 17

2.Factor sensitivity approach
* Sens testing to det how fin pos affected by change in factor

+:
* Understanding of the drivers of risk

-:
* Focus on single factors not scenarios
* Difficult to agg over risk factors
* Prob not quantified

3. Scenario Sens test (same)

Question 18

Explain the probabilistic Deviation approach to risk measurement

2

Answer 18

• Std deviation: Measured from the mean
• Tracking error: Measured relative to a benchmark
  Used to determine risk of ALT strat for active vs passive

Question 19

Explain the probabilistic Value @ Risk approach to risk measurement

4

Answer 19

• Measure of downside risk. Represents max potential loss on portfolio @ prob
• eg 99% VaR= max loss with 99% confidence. 1% chance of higher loss occuring.

Calculation:
* Empirical:
* Parametric: losses have a dbn (Fin ECO P[L<=x] = a,
F(a)^-1 = VaR)
* Stochastic: Uses ranked losses data (bootstrap/simulated)

+:
* Simple to use
* Applied to all risks
* Can be a benchmark eg risk limit

-:
* No indication of dbn of losses greater than VaR
* Underest fat tailed risks
* Sensitive to parameter input

Question 20

Explain the prob of ruin and TVaR/CVaR approach to risk measurement

2,2

Answer 20

Prob of ruin:
* Prob fin pos falls below zero
* linked to VaR: if current fin pos < 95% VaR = prob ruin is atleast 5%

TVaR/ CVaR:
* VaR can ignore tail events and not quantify impact
* TVaR gives indication of skewness in tails and is the expected SF given SF occurred

Question 21

How can liability risks be measured?

Answer 21

Liability risks can be measured by an analysis of experience, e.g. actual deaths divided by expected deaths.

It is important to ensure CONSISTENT classification and measurement of the risk event and the exposure to risk.

Question 22

Describe what is meant by a “risk register” and what it might contain.

3

Answer 22

• A risk register is a means of categorizing the various risks to the company or individual. Against each risk the likely impact and probability of occurrence are recorded. The product of these measures gives an idea of the relative importance of the various risks.
• The risk register can be extended to indicate how each risk has been dealt with, e.g. accepted, rejected transferred or managed. Where risk has been mitigated, the risk portfolio can include a revised assessment of the remaining risk.
• For retained risks, the risk register could also include details of control measures, reassessment after controls, risk owners, committee/senior management with oversight, identification of concentrations of risk and the need for management in these areas.

Created during the risk identification stage

Question 23

Give 10 reasons why regular risk reporting is important within a business

Answer 23

FRAUD CRIME

• Financing (appropriate price, reserves, capital requirements)
• Rating agencies (to help determine appropriate rating)
• Attractiveness to investors
• Understand better (risks and their financial impact)
• Determine appropriate control systems
• Changes over time
• Regulator
• Interactions
• Monitor effectiveness of controls
• Emerging risk identification

Question 24

Explain why, if risk is managed at the enterprise level, it is necessary to have a coherent system of risk reporting across the whole enterprise

2

Answer 24

• As part of ERM, each business unit will have been given a risk exposure allocation. The benefits of diversification are likely to rely on each unit taking on the exposure allocated. Therefore, it is necessary that each unit report on the exposure that they are taking, in a CONSISTENT way.
• If this does not happen, there is a risk that additional capital will be required to cover the undiversified risks. Will not gain diversification benefit.

Question 25

The process of determining the amount of capital to hold can be divided up into two modelling steps.

What are these steps?

Answer 25

1. A model is used to determine the risk event at the required level of probability. A stochastic model could be used to determine this.
2. A second model is used to determine the consequences/cost of the risk event determined in 1. A deterministic model is likely to be used to determine this.

Question 26

State 5 issues to consider when assessing the risk-based capital requirements.

Answer 26

1. Should the ruin probability be expressed over a single year or over the whole run-off of the business?
2. Modelling more than 2 variables stochastically is probably impractical. Therefore, a method of assessing the correlation between variables is needed, e.g. a correlation matrix.
3. The effect of multiple risk events may be greater or less than the sum of the individual risks due to interactions between the risks.
4. Some risks, such as operational risks, are highly subjective. In order to construct a plausible adverse scenario with a given ruin probability, it is necessary to look beyond risk events that have already occurred.
5. Past data must be used with caution when estimating the consequences of rare events.