risk management Flashcards
As GARP (Chapter 1, 2020) explains, “The risk types interact with one another so that risk flows. During a severe crisis, for example, risk can flow from credit risk to liquidity risk to market risk, (which was the case during the global financial crisis of 2007–2009). The same can occur within an individual firm: the fat finger of an unlucky trader (operational risk) creates a dangerous market position (market risk) and potentially ruins the standing of the firm (reputational risk). That is why a sophisticated understanding of risk types and their interactions is an essential building block of risk management.”(†)
The classic risk management process affirms the job of a risk manager to include four activities: identifying risks; analyzing and measuring risks; assessing the impact of risk events; and managing risks. This process culminates in the series of decisions as to how to handle identified risks. Which of the following is (TRUE as) a common activity of the risk manager?
a. To either avoid or transfer each risk
b. To quantify every risk in an exact way; i.e., single number
c. To eliminate each risk to the fullest extent possible
d. To help identify where the firm should add risk
. D. TRUE: To help identify where the firm should add risk
As GARP (Chapter 1, 2020) explains, "The risk management process culminates in a series of choices that both manage risk and help to define the identity and purpose of the firm. Avoid Risk: There are risks that can be sidestepped by discontinuing the business or pursuing it using a different strategy. For example, selling into certain markets, or off-shoring production, might be avoided to minimize political or foreign exchange risks. Retain Risk: There are risks that can be retained within the firm’s risk appetite. Large risks can be retained through mechanisms such as risk capital allocation, self-insurance, and captive insurance. Mitigate Risk: There are risks that can be mitigated by reducing exposure, frequency, and severity (e.g., improved operational infrastructure can mitigate the frequency of some kinds of operational risk, hedging unwanted foreign currency exposure can mitigate market risk, and receiving collateral against a credit exposure can mitigate the severity of a potential default). Transfer Risk: There are risks that can be transferred to a third party using derivative products, structured products, or by paying a premium (e.g., to an insurer or derivatives provider)."(†) In regard to (A), (B), and (C), each is FALSE In addition, to avoid or transfer, we can retain or mitigate a risk Not nearly every risk can be quantified, but we should at least attempt to determine frequency and severity distributions (or ranges) The goal is not necessarily to eliminate or reduce every risk. This is a crucial feature of modern risk management: it seeks to add value and offer inputs into the strategy. As GARP explains (emphasis ours), "As the risk taker improves its risk management strategy, it will begin to avoid or mitigate non-essential or value-destroying risk exposures, which in turn will allow it to assume more risk in areas where it can pursue more value-creating opportunities for its stakeholders ... In modern economies, risk management is therefore not only about corporate survival. It is critically important to the broader processes of specialization, scaling, efficiency, and wealth creation."(†)
A big part of a risk manager’s job is to identify her firm’s risk factors. Each of the following statements about risk factors is true EXCEPT which is false?
a. Two examples of primary (aka, primitive) risk factors include the return on a broad stock market index and the risk-free spot (aka, zero) interest rate
b. For any risk factors that are represented by categorical or discrete variables, the risk manager should seek to replace them with either interval, ratio, or continuous risk factor variables
c. One of the risk manager’s key activities is to deconstruct primitive risk factors into the important loss drivers, the relationship of the loss drivers with each other, and the wider business environment
B. FALSE. Instead, many risk factors are characterized by categorical or discrete variables
Each of (A), (C), and (D) are TRUE.
About true (D), GARP writes, “Across the risk industries, massive computing power can now help risk managers spot patterns and relationships in data more quickly. Unsupervised machine learning [a subset of artificial intelligence] can help the risk manager identify the unknown unknowns [aka, unk-unks] through identifying clusters and correlations without specifying the area of interest in advance. Risk managers are about to enter an age of plenty in terms of data volume and risk factor analysis.”(†)
About tail risk, GARP observes, “Some risk events have a diabolical side that seems designed to outwit the human mind. This may be because such events are very rare and extreme or they arise from unobserved structural changes in a market.”(†) Which of the following statements about tail risk is TRUE?
a. Extremely rare events can happen even if the system is structurally stable
b. The problem with tail risk is that we lack statistical techniques to help us make the tails visible
c. Structural change by definition impacts neither expected loss nor unexpected loss nor tail risk
d. The risk manager can approach tail risk in financial markets in the same way that she would approach a natural or mechanical system
A. TRUE: Extremely rare events can happen even if the system is structurally stable
Explains GARP, “In complex systems, such as the global climate or financial markets, extremely rare events can happen over long time periods, even if the system remains structurally stable. These risks, really an extreme version of unexpected loss, are difficult to find in the data because (by definition) there are not a lot of them. Tail risk events might be rare, but a long enough time series of data should reveal evidence of their existence. Where data are scarce, modern risk management can sometimes apply statistical tail risk techniques, utilizing a branch of statistics called Extreme Value Theory (EVT) to help make tails more visible and to extract the most useful information.”(†)
In regard to (B), (C), and (D) each is FALSE.
One of the risk management building blocks is risk aggregation. GARP asks the question, “Given the many different types of risk and risk metrics, a key problem in risk management is the challenge of seeing the bigger picture. How can senior managers identify the riskiest businesses on their watch and tell when the firm’s aggregate risk is approaching intolerable levels?”(†) In regard to risk aggregation, which of the following statements is TRUE?
a. The financial crisis validated value at risk (VaR) as the ideal aggregation metric
b. The Greeks (e.g., delta, vega) are well-suited for aggregation to the enterprise level
c. For the market risk of derivative portfolios, aggregate notional amount is the best indicator of portfolio risk
d. Scenario analysis and stress testing can overcome the problem of measuring the frequency or probability of a rare event
D. TRUE: Scenario analysis and stress testing can overcome the problem of measuring the frequency or probability of a rare event
Explains GARP (in Box 1.5 of Chapter 1, emphasis ours): “Taking Account of Tail Risk: VaR only looks at the largest loss at a given likelihood threshold; it does not examine the size of losses beyond this threshold. For that reason, it is often said to ignore tail risk (i.e., the effect of very severe but rare events). After the global financial crisis of 2007–2009, various remedies for this were put forward … Scenario analysis and stress testing ignore the problem of measuring the frequency or probability of a rare event. Instead, they focus analytical resources on imagining a reasonably plausible worst-case scenario that may develop in stages over an extended period. The risk manager develops the scenario—or is handed it by a regulator—and then analyzes the impact of the event on the institution given its risk exposures and reactive capabilities. Scenario analysis and stress testing can be highly quantitative and involve complex modeling, but the numbers are all focused on assessing severity rather than frequency … “(†)
In regard to (A), (B) and (C), each is FALSE. Instead: The financial crisis did NOT validate value at risk (VaR) as the ideal aggregation metric: "The shortcomings of VaR as a risk measure were understood well before the global financial crisis of 2007–2009, but the crisis brought these weaknesses to the forefront and led to a reaction against over-dependence on this risk metric. VaR does, however, remain an important tool for risk managers," explains GARP.(†) The Greeks (e.g., delta, Vega) are NOT well-suited for aggregation to the enterprise level: "The Greeks are of limited help at an enterprise level, however, because they cannot be added together; nor do they imply the same level of risk across markets (e.g., delta in foreign exchange versus commodity markets)," explains GARP.(†) For the market risk of derivative portfolios, aggregate notional amount is NOT a useful (much less good!) indicator of portfolio risk: "Portfolios of derivatives are often designed so that the individual instruments offset each other’s market risk. It therefore makes no sense to treat the aggregate notional amounts in the portfolio as an indicator of portfolio risk, "explains GARP.(†)
One of the risk management building blocks is the need to balance risk and reward. Specifically, GARP says, “Economic capital provides the firm with a conceptually satisfying way to balance risk and reward. For each activity, firms can compare the revenue and profit they are making from an activity to the amount of economic capital required to support that activity.”(†) Each of the following statements is true about RAROC EXCEPT which is inaccurate?
a. For an activity to increase shareholder value, its RAROC should be higher than the cost of equity capital
b. Four applications of RAROC include business comparison, investment analysis, pricing strategies, and risk management cost/benefit analysis
c. Advantages of RAROC include (i) it has one universal regulatory definition (without credible variants), such that benchmarking against peers is easy; and (ii) it is easy to implement in practice
d. If RAROC’s denominator is economic capital, which is typical, then its numerator should be an after-tax risk-adjusted expected return where the risk-adjusted refers to an adjustment for expected losses
C. FALSE, doubly. Instead, RAROC is notorious for the lack of a universal definition and several variations (says GARP: “There are many variants on the RAROC formula, applied across many different industries and institutions.”). Also, RAROC is not easy to apply: “There are many practical difficulties in applying RAROC, includ-ing its dependence on the underlying risk calculations. Business lines often dispute the validity of RAROC numbers, sometimes for self-interested reasons,” explains GARP.(†)
In regard to (A), (B) and (D), each is TRUE. Specifically, each of the following is TRUE:
For an activity to increase shareholder value, its RAROC should be higher than the cost of equity capital
Four applications of RAROC include business comparison, investment analysis, pricing strategies, and risk management cost/benefit analysis
If RAROC’s denominator is economic capital, which is typical, then its numerator should be an after-tax risk-adjusted expected return where the risk-adjusted refers to an adjustment for expected losses
One of the risk management building blocks is enterprise risk management (ERM). Which of the following is TRUE as a feature or implication of ERM?
a. ERM encourages organizational silos to sharpen their self-identities
b. ERM supports a firm’s 360-degree view of risk which requires multiple tools
c. ERM enables a complex firm to summarize its overall risk into a single number
d. ERM replaces instances of judgment with the application of statistical science
B. TRUE: ERM supports a firm’s 360-degree view of risk which requires multiple tools
Modern enterprise risk management (ERM) takes a holistic approach. To achieve this, GARP says firms need to think bigger and this includes at least four aspects: Join Up Risk Silos; Environment Matters; Culture Matters; and 360 Degree View of Risk (where such a 360 degree view requires a full range of risk analysis tools looking at various time horizons). Source: Figure 1.7 in Chapter 1.(†)
In regard to (A), (C), and (D), each is FALSE.
ERM does NOT encourage organizational silos to sharpen their self-identities. The opposite! The mantra for ERM is something like breaking down organizational silos. ERM is supposed to “join up” silos.
ERM does NOT expect or want a complex firm to summarize its overall risk into a single number: “Oftentimes, historic ERM efforts have over-focused on the need to express risk as a single number such as economic capital or VaR. Expressing risk as a single number was too simplistic an approach. Perhaps the biggest lesson of the 2007–2009 global financial crisis was that risk cannot be reduced to any single number: (i) It is multi-dimensional, so it needs to be approached from many angles, using multiple methodologies; (ii) It develops and crosses risk types, so even a wide view of risk types—but at only one point in time—may miss the point; (iii) It demands expert judgment that is combined with application of statistical science,” explains GARP.(†)
ERM does NOT intend to replace the VALUE of judgment. See the quote above.
According to Crouhy et al, each of the following statements about the numerical measurement of risk is true EXCEPT which is false?
a. Merely judgmental rankings of risk (e.g., Risk Rating 3 versus Risk Rating 2) can help us make more rational in-class comparative decisions
b. If we can put an absolute cost or price on a risk, then we can make rational economic decisions about risks; at this point, risk management decisions become fungible with other management decisions
c. The best numerical measure of risk during abnormal markets, over longer periods, or for illiquid portfolios is value at risk (VaR)
d. All risk measures depend on a robust control environment; for example, in many rogue-trading case studies (debacles) traders found some way of circumventing trading controls and suppressing risk measures
C. False, “the VaR measure works well as a risk measure only for markets operating under normal conditions and only over a short period, such as one trading day. Potentially, it’s a very poor and misleading measure of risk in abnormal markets, over longer time periods, or for illiquid portfolios.”(†)
In regard to (A), (B), and (D), each is TRUE.
Crouhy’s risk typology is consistent with Jorion’s. This typology includes the three major financial risks (market, credit and operational risk) and includes liquidity risk as a key financial risk. Non-financial risks are either business or non-business risks. Non-business risks include reputation and political risks; business risks include strategy and technological innovation. For FRM purposes, however, the domain is financial risks, primarily: market risk, liquidity risk, credit risk, and operational risk. According to this risk typology, each of the following is true but which statement is false?
a. Basis risk is a context-specific form of market risk
b. There are four major types of market risk: interest rate risk, equity price risk, foreign exchange risk, and commodity price risk; interest rate risk parses into trading risk and the special case of gap risk (gap risk relates to the risk that arises in the balance sheet of an institution as a result of the different sensitivities of assets and liabilities to changes of interest rates).
c. Credit risk can be decomposed into four main types: default risk, bankruptcy risk, downgrade (credit deterioration) risk, and settlement risk.
d. Because legal and regulatory risk are classified as business risks rather than financial risks, many of the large losses from derivatives trading case studies (debacles) over the last decade are technically business risk failures not financial risk failures
False. Legal and regulatory risks are classified as operational risks.
According to Basel (emphasis ours), “Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.” (see https://www.bis.org/basel_framework). Legal risk “includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.” Operational risk is broad and includes human factor risk, technology risk, and regulatory risk.
In regard to (A), (B), and (C), each is TRUE.