CH28 - Risk measurement & reporting Flashcards
Risk qualification
For all risk events, the probability of occurence(frequency) and expected loss(severity) need to be assessed. These are normally treated as random variables in models.
Risks are commonly assessed using simple scales which rate frequency and severity from low to high(5 point scale or 3 point scale resulting in a scale from 1 to 25 or from 1 to 9).The product of frequency and severity scales represents the overall score for that risk, enabling them to be ranked. The assessment would be done with and without controls, to assess their efficiency. The assessment may be recorded in a risk register.
Evaluation of risks - Scenario analysis (4)
Scenario analysis is useful where it is difficult to fit full probability distributions to risk events. It is therefore a deterministic method of evaluating risk.
(this could be because the risks are not suitable for mathematical modelling, or because the distribution would need so many subjective parameters that the value of using it is eroded)
Scenario analysis is frequently used when evaluating operational risks but can also be used to assess the impact of financial risks such as a global recession.
It involves the following steps:
- grouping the risk exposures into broad categories - this step is likely to involve input from a wide range of senior individuals in the organisation
- development of a plausible adverse scenario for each group of risks
- calculation of the consequences of the risk event occuring for each scenario - again this is likely to involve senior staff input, the financial consequences include
* redress paid to those affected
* the cost of correcting systems and records
* regulatory fees and fines
* opportunity costs while any changes are made etc. - total costs calculated are taken as the financial cost of all risks represented by the chosen scenario
Evaluation of risks - Stress testing (2)
Stress testing involves testing for weaknesses in a portfolio by subjecting it to extreme market movements (or credit or liquidity risk events).
Stess testing is also a deterministic method of modelling risks, where the risk events are extreme. It is commonly used to model extreme market movements, but also has applications in modelling credit and liquidity risks.
There are two types of stress test:
- to identify ‘weak areas’ in the portfolio and investigate the effects of localised stress situations by looking at the effect of different combinations or correlations and volatilities
- to gauge the impact of major market turmoil affecting all model parameters, while ensuring consistency between correlations while they are ‘stressed’.
Evaluation of risks - Reverse stress testing
A requirement of regulatory bodies is often that regulated firms carry out a reverse stress test.
Reverse stress testing is the construction of a severe stress scenario that just allows the firm to be able to continue to meet its business plan, e.g. having insufficient capital to meet solvency requirements or to cover its minimum risk appetite. The scenario may be extreme, but must be plausible.
Evaluation of risks - stress scenario
Stress and scenario testing can be combined to determine a stress scenario.
Scenario analysis identifies the factors which are impacted under the chosen scenario, and these become the factors to which stress tests can be applied. The overall stress scenario test combines the individual factor stress tests, and this is ideally done simultaneously in order to allow for inter-relationships.
When constructing a stress scenario, decisions need to be made as to how other aspects of the business will react if a stress event occurs.
The scenarios should be tailored to reveal weaknesses in terms of risk exposure and sensitivity, and should thus focus on the risk factors to which the business is most exposed.
Evaluation of risks - Stochastic modelling (3)
Stochastic modelling is a natural extension of stress testing but can be complex and impractical in many cases.
Stochastic modelling can use all the variables that give rise to risk being incorporated as probability distributions, and a full set of dynamic interactions between the variables specified. The model can then determine the capital necessary to (just) avoid ruin at any desired probability level.
The model is often limited by one of following approaches:
- restrict the duration (or time horizon) of the model (to two years if the risk criterion is expressed as a one-year ruin probability)
- limit the number of variables modelled stochastically and use a deterministic approach for the other variables (variables that only have an adverse effect when they move in one direction can be modelled using deterministic scenario analysis)
- carry out a number of runs with a different single stochastic variable and then a single deterministic run using all the worst case scenarios together. This will determine the effect of interactions between the various variables.
It is important to remember that the results are only as good as the model used.
Aggregating risks
In many regulatory regimes, the capital requirement is set in respect of an event occuring within 12 months with a probability of 0.5% (a ‘1 in 200-year event). Individual risks need to be aggregated in order to allow for correlations and inter-actions.
This can be done through:
1. Stochastic modelling - although this may be impractical because of the time it takes to run a single scenario for the whole firm
2. Simple formulae if risk events are fully dependent (sum of individual capital requirements) or fully independent (square root of sum of squares)
3. Correlation matrices
4. Copulas - functions that take as inputs marginal cumulative distribution functions and output a joint cumulative distribution function.
Different copulas are used to describe different degrees of dependence between random variables, including in the tails of distributions. Copulas are used widely in quantitative finance to model tail risk, which in turn enables organisations to minimise that risk and to optimise portfolios of investments.
Risk measures (3)
1.Active risk measures for asset risks include historic tracking error and forward-looking tracking error.
2.Liability risks are commonly measured by carrying out an analysis of actual vs expected experience.
3. VaR generalises the likelihood of underperforming by providing a statistical measure of downside risk.
Value at Risk (VaR) represents the maximum potential loss on a portfolio over a given future period with a given degree of confidence. VaR calculations may be based on assumptions such as a normal distribution of returns.
It can be measured either in absolute terms or relative to a benchmark.
Risk portfolios / registers (4)+(5)
An individual or company should establish a risk portfolio or risk register, recording the impact and probability of each risk.
The risk portfolio can then be extended to indicate how the risk was dealt with was:
- avoided
- retained* (and how much capital is needed to support it)
- diversified (and a revised assessment of the remaining combination of risks)
- mitigated (and a revised assessment of the remaining risk)
- internally
- by transfer to another party
- For risks that are retained, the risk portfolio would also contain details of:
1. control measures
2. reassessment of value and impact after controls
3. risk owner
4. board committee / senior manager with oversight of the risk
5. identification of concentrations of risk and related actions
Risk reporting (7)+(3)
Regular risk reporting is vital to ensure that the risk management process is effective, including:
- identifying new risks
- quantifying the impact of individual risks
- determining appropriate control systems for specific risks
- monitoring the effectiveness of existing control systems
- assessing changes to risks faced
- assessing the interaction between risks
- assisting with pricing, reserving and determining capital requirements
Regular risk reporting is also helpful for:
- shareholders and potential shareholders, to understand the attractivness of the business for investment
- credit rating agencies, to help with determining an appropriate rating
- regulators, to identify areas which could require greater scrunity
Features of a risk that would make it more appropariate to model using a stochastic rather than a deterministic approach (5)
Possible features that would indicate that a stochastic approach is more appropriate include that the risk:
- has a high score (high severity and/or frequency) and therefore is a high priority to assess carefully
- has a high variability of possible outcomes
- has a lot of experience data on which to base the probability distributions
- relates to financial guarantees or options
- involves the mismatching of assets and liabilities
Operational risk
Operational risk is one of the most difficult to quantify. There are so many operational risk events that can affect a firm that to quantify each would be impractical, and because the events are rare and often independent each would have little impact on the aggregate risk exposure of the firm.
There are two approaches that are typically used to assess or allow for operational risk with an organisation:
- a broadbrush approach that does not perform any detailed analysis
- scenario analysis
One approach which has been adopted in the banking sector is simply to add a percentage uplift to the total aggregated risks other than operational risks. This approach is also followed in the European Solvency II standard formula model for insurers.
Another approach is to use the technique of scenario analysis. This could involve dividing the possible operational risks into perhaps 10-15 categories and, for each category, assessing the cost of a plausible adverse scenario.
For example, the categories might include:
1. fraud
2. loss of key personnel
3. mis-selling of financial products
4. calculation error in the computer system
5. loss of business premises
6. loss of company e-mail access for 72 hours
1 drawback to scenario analysis
It quantifies the severity of the scenario but not the probability of it occuring. Organisations often use their capital models to determine the probability of a particular scenario occuring.
For a provider of unit-linked investment bonds, a sustained reduction in market values will afect: (6)
- income received from fund management charges
- persistency of existing investment bonds
- new business volumes
- the provider’s regulatory capital requirements
- the value of the shareholders’ interests
- the probability of any guarantees biting
All these factors need to be built into the model
Likely correlations between risks (5)
- Inflation risk is heavily correlated with expense risk for most long-term financial products
- Traditionally equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious.
- Falling equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious.
- Falling equity markets are likely to be correlated with increasing lapse rates on unit-linked savings products.
- Operational risk is likely to be weakly correlated with all other risks, because if management are concentrating on some other issue they may not be concentrating on routine operational matters.
- In life insurance the longevity risk on an annuity book is strongly negatively correlated with mortality risk on a term assurance book (not perfect negative correlation because the typical ages are different). An annuity writer can reduce its capital requirements for mortality / longevity by writing term assurances.