CH28 - Risk measurement & reporting

Question 1

Risk qualification

Answer 1

For all risk events, the probability of occurence(frequency) and expected loss(severity) need to be assessed. These are normally treated as random variables in models.

Risks are commonly assessed using simple scales which rate frequency and severity from low to high(5 point scale or 3 point scale resulting in a scale from 1 to 25 or from 1 to 9).The product of frequency and severity scales represents the overall score for that risk, enabling them to be ranked. The assessment would be done with and without controls, to assess their efficiency. The assessment may be recorded in a risk register.

Question 2

Evaluation of risks - Scenario analysis (4)

Answer 2

Scenario analysis is useful where it is difficult to fit full probability distributions to risk events. It is therefore a deterministic method of evaluating risk.
(this could be because the risks are not suitable for mathematical modelling, or because the distribution would need so many subjective parameters that the value of using it is eroded)

Scenario analysis is frequently used when evaluating operational risks but can also be used to assess the impact of financial risks such as a global recession.

It involves the following steps:

1. grouping the risk exposures into broad categories - this step is likely to involve input from a wide range of senior individuals in the organisation
2. development of a plausible adverse scenario for each group of risks
3. calculation of the consequences of the risk event occuring for each scenario - again this is likely to involve senior staff input, the financial consequences include
   * redress paid to those affected
   * the cost of correcting systems and records
   * regulatory fees and fines
   * opportunity costs while any changes are made etc.
4. total costs calculated are taken as the financial cost of all risks represented by the chosen scenario

Question 3

Evaluation of risks - Stress testing (2)

Answer 3

Stress testing involves testing for weaknesses in a portfolio by subjecting it to extreme market movements (or credit or liquidity risk events).

Stess testing is also a deterministic method of modelling risks, where the risk events are extreme. It is commonly used to model extreme market movements, but also has applications in modelling credit and liquidity risks.

There are two types of stress test:

1. to identify ‘weak areas’ in the portfolio and investigate the effects of localised stress situations by looking at the effect of different combinations or correlations and volatilities
2. to gauge the impact of major market turmoil affecting all model parameters, while ensuring consistency between correlations while they are ‘stressed’.

Question 4

Evaluation of risks - Reverse stress testing

Answer 4

A requirement of regulatory bodies is often that regulated firms carry out a reverse stress test.

Reverse stress testing is the construction of a severe stress scenario that just allows the firm to be able to continue to meet its business plan, e.g. having insufficient capital to meet solvency requirements or to cover its minimum risk appetite. The scenario may be extreme, but must be plausible.

Question 5

Evaluation of risks - stress scenario

Answer 5

Stress and scenario testing can be combined to determine a stress scenario.

Scenario analysis identifies the factors which are impacted under the chosen scenario, and these become the factors to which stress tests can be applied. The overall stress scenario test combines the individual factor stress tests, and this is ideally done simultaneously in order to allow for inter-relationships.

When constructing a stress scenario, decisions need to be made as to how other aspects of the business will react if a stress event occurs.

The scenarios should be tailored to reveal weaknesses in terms of risk exposure and sensitivity, and should thus focus on the risk factors to which the business is most exposed.

Question 6

Evaluation of risks - Stochastic modelling (3)

Answer 6

Stochastic modelling is a natural extension of stress testing but can be complex and impractical in many cases.

Stochastic modelling can use all the variables that give rise to risk being incorporated as probability distributions, and a full set of dynamic interactions between the variables specified. The model can then determine the capital necessary to (just) avoid ruin at any desired probability level.

The model is often limited by one of following approaches:

1. restrict the duration (or time horizon) of the model (to two years if the risk criterion is expressed as a one-year ruin probability)
2. limit the number of variables modelled stochastically and use a deterministic approach for the other variables (variables that only have an adverse effect when they move in one direction can be modelled using deterministic scenario analysis)
3. carry out a number of runs with a different single stochastic variable and then a single deterministic run using all the worst case scenarios together. This will determine the effect of interactions between the various variables.

It is important to remember that the results are only as good as the model used.

Question 7

Aggregating risks

Answer 7

In many regulatory regimes, the capital requirement is set in respect of an event occuring within 12 months with a probability of 0.5% (a ‘1 in 200-year event). Individual risks need to be aggregated in order to allow for correlations and inter-actions.
This can be done through:
1. Stochastic modelling - although this may be impractical because of the time it takes to run a single scenario for the whole firm
2. Simple formulae if risk events are fully dependent (sum of individual capital requirements) or fully independent (square root of sum of squares)
3. Correlation matrices
4. Copulas - functions that take as inputs marginal cumulative distribution functions and output a joint cumulative distribution function.
Different copulas are used to describe different degrees of dependence between random variables, including in the tails of distributions. Copulas are used widely in quantitative finance to model tail risk, which in turn enables organisations to minimise that risk and to optimise portfolios of investments.

Question 8

Risk measures (3)

Answer 8

1.Active risk measures for asset risks include historic tracking error and forward-looking tracking error.
2.Liability risks are commonly measured by carrying out an analysis of actual vs expected experience.
3. VaR generalises the likelihood of underperforming by providing a statistical measure of downside risk.
Value at Risk (VaR) represents the maximum potential loss on a portfolio over a given future period with a given degree of confidence. VaR calculations may be based on assumptions such as a normal distribution of returns.
It can be measured either in absolute terms or relative to a benchmark.

Question 9

Risk portfolios / registers (4)+(5)

Answer 9

An individual or company should establish a risk portfolio or risk register, recording the impact and probability of each risk.

The risk portfolio can then be extended to indicate how the risk was dealt with was:

1. avoided
2. retained* (and how much capital is needed to support it)
3. diversified (and a revised assessment of the remaining combination of risks)
4. mitigated (and a revised assessment of the remaining risk)
   - internally
   - by transfer to another party

• For risks that are retained, the risk portfolio would also contain details of:
  1. control measures
  2. reassessment of value and impact after controls
  3. risk owner
  4. board committee / senior manager with oversight of the risk
  5. identification of concentrations of risk and related actions

Question 10

Risk reporting (7)+(3)

Answer 10

Regular risk reporting is vital to ensure that the risk management process is effective, including:

1. identifying new risks
2. quantifying the impact of individual risks
3. determining appropriate control systems for specific risks
4. monitoring the effectiveness of existing control systems
5. assessing changes to risks faced
6. assessing the interaction between risks
7. assisting with pricing, reserving and determining capital requirements

Regular risk reporting is also helpful for:

1. shareholders and potential shareholders, to understand the attractivness of the business for investment
2. credit rating agencies, to help with determining an appropriate rating
3. regulators, to identify areas which could require greater scrunity

Question 11

Features of a risk that would make it more appropariate to model using a stochastic rather than a deterministic approach (5)

Answer 11

Possible features that would indicate that a stochastic approach is more appropriate include that the risk:

1. has a high score (high severity and/or frequency) and therefore is a high priority to assess carefully
2. has a high variability of possible outcomes
3. has a lot of experience data on which to base the probability distributions
4. relates to financial guarantees or options
5. involves the mismatching of assets and liabilities

Question 12

Operational risk

Answer 12

Operational risk is one of the most difficult to quantify. There are so many operational risk events that can affect a firm that to quantify each would be impractical, and because the events are rare and often independent each would have little impact on the aggregate risk exposure of the firm.

There are two approaches that are typically used to assess or allow for operational risk with an organisation:

1. a broadbrush approach that does not perform any detailed analysis
2. scenario analysis

One approach which has been adopted in the banking sector is simply to add a percentage uplift to the total aggregated risks other than operational risks. This approach is also followed in the European Solvency II standard formula model for insurers.

Another approach is to use the technique of scenario analysis. This could involve dividing the possible operational risks into perhaps 10-15 categories and, for each category, assessing the cost of a plausible adverse scenario.
For example, the categories might include:
1. fraud
2. loss of key personnel
3. mis-selling of financial products
4. calculation error in the computer system
5. loss of business premises
6. loss of company e-mail access for 72 hours

Question 13

1 drawback to scenario analysis

Answer 13

It quantifies the severity of the scenario but not the probability of it occuring. Organisations often use their capital models to determine the probability of a particular scenario occuring.

Question 14

For a provider of unit-linked investment bonds, a sustained reduction in market values will afect: (6)

Answer 14

1. income received from fund management charges
2. persistency of existing investment bonds
3. new business volumes
4. the provider’s regulatory capital requirements
5. the value of the shareholders’ interests
6. the probability of any guarantees biting
   All these factors need to be built into the model

Question 15

Likely correlations between risks (5)

Answer 15

1. Inflation risk is heavily correlated with expense risk for most long-term financial products
2. Traditionally equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious.
3. Falling equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious.
4. Falling equity markets are likely to be correlated with increasing lapse rates on unit-linked savings products.
5. Operational risk is likely to be weakly correlated with all other risks, because if management are concentrating on some other issue they may not be concentrating on routine operational matters.
6. In life insurance the longevity risk on an annuity book is strongly negatively correlated with mortality risk on a term assurance book (not perfect negative correlation because the typical ages are different). An annuity writer can reduce its capital requirements for mortality / longevity by writing term assurances.

Question 16

Use of VaR when distribution is not normal

Answer 16

VaR is usually calculated assuming a normal distribution of returns. If the distribution of returns is ‘fat-tailed’, or skewed, tracking error may be misleading.

Unfortunately, portfolios exposed to credit risk, systematic bias or derivatives may exhibit non-normal distributions. The usefulness of VaR in these situations depends on modelling skewed or fat-tailed distributions of returns, either in the form of statistical distributions or via Monte Carlo simulations. Lack of sufficient data observations within the ‘tails’ of the distributions means there is increasing subjectivity in the choice of the underlying probability.

Question 17

Reporting at entrerprise level

Answer 17

By budgeting for risk across the whole enterprise, maximum use can be made of diversification benefits, and thus the minimum capital required to support the risks undertaken.

One of the consequences of this approach is that it is necessary to have a system of risk reporting across the whole enterprise. It is important for the Chied Risk Officer to be aware of whether all business units are using the risk allocation that they have been given.

If two business unit are allocated risk exposures that diversify away at the enterprise level, but one of the two units does not take on the risk exposure allocated, this could increase the capital requirements of the enterprise.

Where diversification between business units is used to minimise group capital requirements, the individual business units will need to report data at a much more granular level than their own total capital requirement to the group. Analysing the data from diverse business units can be a costly task, especially for multinational operations.

Question 18

Issues relating to reporting externally

Answer 18

The usual way for a financial product provider to report on risk is by quantifying the capital required to protect against ruin at a given ruin probability.

The annual report may only address risk issues in a qualitative manner, leaving the quantification of risk capital and solvency requirements to be covered in a separate report.

Question 19

The main issues facing providers of financial benefits in completing the assessment are (5)

Answer 19

1. Should the ruin probability be expressed over a single year or the whole run-off of business?
2. A stochastic model with more than two stochastic variables is impractical, so it may be better to use a correlation matrix instead.
3. Interactions between risks need to be dealt with.
4. Some risks, particularly operational, are highly subjective.
5. Using past data to estimate future consequences needs to be undertaken with caution, particularly for low frequency events.