Chapter 29 - Risk Measuring & Reporting

Question 1

Risk Quantification

Answer 1

There are two key features to be assessed for any risk event :
- probability of the event occurring (frequency)
- expected loss if the event occurs (severity)

Quantification Methods
- Subjective Assessment with a risk-scoring approach which provides a method for ranking risk events
- Using a model to quantify frequency or severity , Obtaining the data to parameterise the model will be a crucial issue, and the availability of data may influence the decision as to what, or whether, a model is used

Quantifying Operational Risk
- Most difficult to quantify
In the European Union, the Solvency II standard formula for insurers uses a factor-based approach based on premiums
- Another approach is to use the technique of scenario analysis which could involve dividing the possible operational risks into perhaps 10 – 15 categories and, for each category, assessing the cost of a plausible adverse scenario

Question 2

Risk Evaluation with Scenario Analysis

Answer 2

• Looks at the financial impact of a plausible and possibly adverse set of events or sequences of events
• is a deterministic method of evaluating risk

Steps:

1. Risk exposures need to be grouped into broad categories – all risks involving financial fraud, all risks involving systems errors, for example. This step is likely to involve input from a wide range of senior individuals in the organisation
2. For each group of risks, a plausible adverse scenario is developed. The scenario needs to be plausible, otherwise it will not be possible to determine the consequences of the risk event. The scenario is deemed to be representative of all risks in the group
3. For each scenario, the organisation must translate the scenario into assumptions for the various risk factors in the model. Again, this is likely to involve senior staff input. The consequences of the risk event occurring are then calculated. The financial consequences include redress paid to those affected, the cost of correcting systems and records, regulatory fees and fines, opportunity costs while any changes are made, etc
4. The total costs calculated are taken as the financial cost of all risks represented by the chosen scenario

Is limited to quantifying the severity of the scenario but not the probability of it occurring. Organisations may use their capital models to determine the probability of an equivalent scenario occurring. Alternatively, they may have an idea for the probability of the scenario and use this in conjunction with the calculated severity to help calibrate or validate the capital model.

Question 3

Risk Evaluation with Stress Testing

Answer 3

• A financial stress test is a projection of the financial condition of a company under a specific extreme adverse event over a period of time
• is a deterministic method of modelling risks. It is commonly used to model extreme market movements, but also has applications in modelling insurance, credit and liquidity risks. It models the impact of the event but not the probability of it occurring.
• The risks that are incurred by extreme events can be identified and investigated by the process of financial stress testing

The principle of stress testing can be coupled with scenario testing to determine a stress scenario. In this case, the stress test is performed by considering the impact of a set of related adverse conditions that reflect the chosen scenario

The scenarios should be tailored to reveal weaknesses in terms of risk exposure and sensitivity, and should thus focus on the risk factors to which the business is most exposed.

There are two types of stress scenario test: ·
- to identify ‘weak areas’ in the portfolio and investigate the effects of localised stress situations by looking at the effect of different combinations of correlations and volatilities
- to gauge the impact of major market turmoil affecting all model parameters, while ensuring consistency between correlations while they are ‘stressed’.

Question 4

Risk Evaluation with Reverse Stress Testing and Stochastic Modelling

Answer 4

Reverse Stress Testing
- Is the construction of a severe stress scenario that just allows the firm to be able to continue to operate its business plan
- Business plan failure needs to be determined by the firm and needs to consider both the short-term and the long-term plan
- For well-capitalised firms, a reverse stress test may be an extreme event, but it nevertheless needs to be a plausible scenario

Stochastic Modelling
- An extension of stress testing is a full stochastic model with all the variables that give rise to risk being incorporated as probability distributions, and a full set of dynamic interactions between the variables specified. The model can then determine the capital necessary to (just) avoid ruin at any desired probability level.
- Not only is such a model extremely complex to specify and build, the run times that result from having more than one, or possibly two, variables simulated by stochastic methods become impractical with even the most modern computing power

It is therefore necessary to limit the ideal scope of the model by one or more of the following approaches:

• Restrict the duration of the model to two years if the risk criterion is expressed as a one-year ruin probability
• Limit the number of risk variables that are modelled stochastically. Deterministic approaches can be used for other risk variables. Variables that only have an adverse effect when they move in one direction can be modelled using deterministic scenario analysis
• Carry out a number of runs with a different single stochastic variable, followed by a single deterministic run using all the worst-case scenarios together. This will determine the effect of interactions between the various variables.

Question 5

Correlations between Risks

Answer 5

• Inflation risk is heavily correlated with expense risk for most long-term financial products
• Traditionally equity markets have moved in the opposite direction to interest rates, but in recent years this correlation has not been so obvious
• Falling equity markets are likely to be correlated with increasing lapse rates on unit-linked savings products
• Operational risk is likely to be weakly correlated with all other risks, because if management are concentrating on some other issue they may not be concentrating on routine operational matters
• In life insurance, the longevity risk on an annuity book is strongly negatively correlated with mortality risk on a term assurance book (not perfect negative correlation because the typical ages are different). An annuity writer can reduce its capital requirements for mortality / longevity by writing term assurances

Question 6

Risk Aggregation

Answer 6

• Risks that are fully dependent can be aggregated by summing over all the capital levels required to support each risk
• Risks that are fully independent can be aggregated by taking the root of the sum of the square of the capital levels required to support each risk
• Risks which are partially dependent which is the case in reality can be aggregated with a mix of the above or by using correlation matrices or copulas (A copula is a function, which takes as inputs marginal cumulative distribution functions, and outputs a joint cumulative distribution function , allows for understanding probability of joint risks)

Question 7

Risk Measures

Answer 7

Deterministic Methods:
- Notional Approach
- Factor sensitivity Approach (sensitivity test how financial position of organisation changes with change to single underlying risk factors)

Probabalistic Methods:
- Deviation(standard deviation which is deviation from mean and tracking error which is deviation from a benchmark other than the mean)
- Value at Risk
- Tail Value at Risk( or Conditional VAR )
- Probability of Ruin

Question 8

Risk Portfolios/Registers

Answer 8

The risk portfolio categorises the various risks to which the business is exposed.

Against each risk would be recorded a quantification of:
- impact
- probability

The product of the impact and the probability measures gives an idea of the relative importance of the various risks

The risk portfolio can then be extended to indicate how the risk has been dealt with, either:
- retained, wholly or partially (and capital required to support it)
- diversified (and a revised assessment of the remaining combination of risks)
- mitigated (and a revised assessment of the remaining risk) by
- transferred
- internal action

For risks that are retained, the risk portfolio becomes a more detailed risk register which should include:
- details of control measures
- reassessment of value and impact after controls
- risk owner
- board committee or senior manager with oversight of the risk (key strategic risks overseen by the full board)
- identification of concentrations of risk and the need for management action in these areas

Question 9

Risk Reporting

Answer 9

The production of regular risk reporting allows the management of a business to:
- identify any new risks faced by the business
- obtain a better understanding of the risks faced by the business in terms of quantifying the materiality and financial impact of individual risks
- determine appropriate risk and control systems to manage specific risks
- proactively monitor and manage the effectiveness of risk and control systems within its business
- assess whether the risks faced by a business are changing over time
- assess the interaction between individual risks
- appropriately price, reserve and determine any capital requirements for its business.