Title: Secrets of Financial Risk Management
1Secrets ofFinancial Risk Management
2External Financing of Barings Futures (Japan)
Limited
800
Bank loans to Baring Securities (Japan) Limited
JGBs loaned to Baring Securities (Japan) Limited
600
Pounds (millions)
400
200
0
Dec 1994 Jan 1995
Feb 1995
Source Bank of England, Board of Banking
Supervision
3Internal Financing of Barings Futures
(Singapore) Limited
Source Bank of England, Board of Banking
Supervision
4Quote
Were calling it theBarings Overhang. Two
days before the collapse Newspaper ReporterTokyo
5Quote
One specific concern in the futures area is the
level of margin calls paid by BSL London without
knowing precisely on whose behalf the cash is
being paid. Internal memo,seven months prior to
the collapse James BakerInternal Audit, London
6Quote
We were not in a position in London to actually
check the validity of the sums in total being
requested. Recollections Tony GambySettlements
Director, London
7Quote
We just accepted his word that the figures
required ran into millions. Recollections Tony
HawesGroup Treasurer, London
8Quote
I did not look at this as a reconciliation
problem for myself. Recollections Brenda
GrangerHead of Futures and Options Settlement,
London
9Quote
You could say that it was a finance function
responsibility you could say that it was a
Futures and Options Settlements responsibility
you could say it was a Treasury responsibility. I
think it was probably the responsibility of all
three, but this is certainly something we wanted
to resolve. Recollections Ian HopkinsHead of
Group Treasury and Risk, London
10Quote
Awaiting breakdown from my buddy Nick (once
they creatively allocate the numbers). Internal
E-mail,one month prior to the collapse Brenda
GrangerHead of Futures and Options Settlements,
London
11Quote
We understand that the relationship between Tony
Hawes, who arranged the funding, and Ron Baker
and Waltz, who were seeking the funding, was not
good. Report on the Collapse Bank of England
12Quote
Mary was aggressive and definitely had an
attitude about the way in which Treasury was
run. Recollections Tony HawesGroup Treasurer,
London
13Quote
I am not walking away from the fact that I knew
that there were margin calls, and I knew that
there were hundreds of millions of dollars
involved it was not something that I felt the
responsibility for working out the details
of. Recollections Ron BakerHead of Financial
Products Group, London
14What is Risk?
- Volatility in the price of electricity
- A possible computer crash
- Uncertainty in a counterpartys ability to meet
obligations - Questionable liquidity in a financial market
- Possible fraud by employees
- Not knowing what a colleague is thinking
- Skiing Jackson Hole, Wyoming
15Exercise One
16Definition
Risk is exposure to uncertainty.
17Exposure
- Exposure is caring if something happens.
- We can be exposed to
- Weather
- Pain
- Loss
- Caring is a subjective, personal experience.
- Exposure is a subjective, personal experience.
- Inflation
- Violence
- Happiness
18Uncertainty
- Uncertainty is Ignorance.
- Ignorance is personal
- Two people can have different knowledge about
something. - Ignorance is subjective
- We can be ignorant and not even know it.
- Two people can have contradictory knowledge.
- Uncertainty is a subjective, personal experience.
19Nature of Risk
- Risk is subjective.
- Risk is personal.
20Exercise Two
21Part 1
You are exposed, but there is no uncertainty.
There is no risk.
22Part 2
You are exposed, and you are uncertain. There is
risk.
23Part 3
Since the die is 10-sided, the probability of
losing 100 is 10.
24Part 4
The rock is definitely uncertain,but it is
incapable of caring. Because there is no
exposure. The rock has no risk.
25Part 5
Like the rock in the last question, the company
is incapable of caring. The company faces no risk.
26Conclusion
- Companies dont take risk.
- People do.
A company is a conduit of risk.
27Conclusion
- Companies dont have goals.
- People do.
A company is a means of achieving those goals.
28Goals Risks
- Wherever there are goals there are risks.
- Wherever there are no goals, there are no risks.
29A Company is a Conduit of Risk
Stock Holders
Regulators
Customers
Management
Board
Company
Auditors
Employees
Suppliers
Creditors
Society
30Exercise Three
31We Talk as if Companies Took Risk
- We dont say
- Fred lost 100MM of the shareholders money.
- Instead, we say
- The company lost 100MM.
32We Talk as if Companies Took Risk
- We dont say
- Jane is exposing the shareholdersto a 25MM
loss. - Instead, we say
- The company has a 25MM exposure.
33Managing Risk
- To manage risk, we have to acknowledge that
companies dont take risk. - All risks accrue to people.
- Board members, management and employees are
agents of those people. - They take risk on their behalf.
- We may shape their behavior by imposing
correlated risks on them.
34Definitions
- Risk taker Someone who takes risk on his own
behalf. - Risk agent Someone who takes risk on another
persons behalf. - Risk client Someone who takes risk through an
agent.
35Informal Distinction
- Strategic risk agent Someone who takes strategic
risks on behalf of someone else. - Tactical risk agent Someone who takes tactical
risks on behalf of someone else.
36Simple Risk Taking
Individual risk taker
37Agency Risk Taking
risk client
risk agent
38Complex Risk Taking
risk client
Strategic risk agent
Tactical risk agents
39More Complex Risk Taking
40Highly Complex Risk Taking
41Case Study
42Agency Risk
- Agency risk is the risk from employing someone
else to take risk on our behalf. - Risk increases with the number of agents
43Addressing Agency Risk
- Communication
- Two-way communication is essential.
- Oversight
- Investigate agents backgrounds.
- Investigate conflicts of interest.
- Be aware of agents activities.
- Vested Interest
- Impose on the agent a risk that is correlated to
yours. - Incentives They gain when you gain.
- Disincentives They lose when you lose.
44Role of Communication
- Communication is essential whenever we employ
risk agents. - Must be two-way communication.
- Client communicates with
- Business Plan
- Policies and procedures
- Agent communicates with
- Reports
- Requests for changes to procedures
45Role of Oversight
- Useful for addressing known or predictable
aspects of risks - Known market risks
- Known patterns of fraud
- Known sources of credit risk
- Known security risks
- These are often tactical risks.
46Role of Vested Interests
- Useful for addressing unanticipated or
unpredictable aspects of risks - New market risks
- New patterns of fraud
- New sources of credit risk
- New security risks
- These are often Strategic risks.
47Example
How can a group address risks it does not
anticipate?
48Quote
The one that gets you is the oneyou never
see. Unknownfighter pilot
49None Anticipated the Risk
- Orange County (1994)
- Barings Brothers (1995)
- Daiwa Bank (1995)
- Sumitomo Corp. (1996)
- LTCM (1998)
50Solution
- You cant address a risk you dont anticipate.
- The key is making sure someone does anticipate
it. - Do employees care?
- Are they lying awake at night worrying about
risk? - or do they feel if something goes wrong,it
wont affect me. - Give them a vested interest by holding them
accountable.
51Making People Accountable
- Individual decision making.
- Inform people.
- Make people responsible.
52Individual Decision Making
- Every decision must be made by one person.
- Groups make poor decisions because groups are not
accountable. - If one persons name goes on a decision, he will
sweat the details.
53Quote
This one-for-all-and-all-for-one bit has been
about losing money together. Electricity Risk
Manager
54Value of Groups
- Groups have broader knowledge than individuals.
- Individual decision makers should always have
access to group members opinions. - For certain decisions, you can require a second
person or committee to accept a decision. - They cant make the decision themselves.
- If they reject a decision, they can only refer it
to some other individual to make. - An individual must be responsible.
55Informing People
- Without information, no one is accountable.
- Make people accountable by giving them all the
information they need - Data
- Reports
- Training
- Opinions
- Document that the information was provided.
56Example Orange County
County supervisors claim they were not provided
critical information that would have indicated
the risks Citron was taking.
Were they accountable?
57ExampleSinking of the Ehime Maru
"My career is terminatedan accident of this
sort, whether or not I am exonerated, will end my
career. Scott Waddle,Commander, USS Greeneville
On February 9, 2001, the US submarine Greeneville
accidentally rammed and sank the Japanese fishing
vessel Ehime Maru. Nine lives were lost.
58Exercise Four
59Solution
Group Discussion
60Group Decisions
61Individual Decisions
62Making People Responsible
- Making people responsible means letting go.
- You cant let someone make a decision on
condition they make the right decision. - You have to let them decide.
- Having to abide with decisions we dont like is
better than group responsibility.
63Quote
Mary is getting pissed off about allthe
structured products were parking in her
portfolio. Financial Executive
64Challenge
- Many risks dont fit into neat packages.
- They involve different risk agents in various
departments. - How can we allocate responsibility?
65Example
- A bank loses money selling a new form of exotic
derivative. - Who is accountable for this risk?
- The vice president who approved the product?
- The financial engineer who could have warned
about possible mishaps? - The trader who was responsible for hedging the
exposures? - The manager who might have questioned the large
volume being sold?
66Example
- A electricity trading firm sells a 5-year
wholesale contract for electricity. - Because of the long maturity, hedging is
difficult. - When the company loses money on the deal, who do
we blame - The sales person who sold the deal?
- The manager who approved it?
- The trader who might have hedged it?
67Example Requirements Service Electricity
Contracts
Hedging with call options will be too expensive.
68Example Requirements Service Electricity
Contracts
- A strategic decision needs to be made.
- Will it be the right decision?
- Will anyone be accountable?
69Challenges of FacilitatingStrategic Decision
Making
- Identifying when a decisions needs to be made.
- Avoiding group decision making.
- Avoiding informal individual decision making (no
documentation or accountability). - Ensuring decisions actually are madeor arent
made by default.
70Solution
Policies Procedures
71Policies
- Policies are high-level guidelines for how an
organization will pursue its business plan - Generally issued by the board of directors
- Describe roles, committees and an overall
decision making process for the organization. - Policies are not specific to any particular
business plan. - They can largely remain the same as a business
plan evolves.
72Procedures
- Procedures are detailed rules for how an
organization will pursue its business plan - Approved by management
- Specifies things like authorized transactions,
work processes, risk limits, etc. - Procedures are specific to a particular business
plan. - They are revised as the business plan evolves.
73Bureaucracy
- People often fear formalized procedures because
they associate them with bureaucracy. - Bureaucracy is the failure of formalized
procedures. - Bureaucracy stifles activity and suppresses
innovation. - Effective procedures have the opposite effect.
74Role of Procedures
- People who fear procedures tend to view them as
restricting employees actions. - Instead, they empower employees.
- Procedures grant employees specific authority to
take risks on behalf of the organization.
Is the glass half full or half empty?
75Procedures are for Changing
- Static procedures that never change are
bureaucracy. - Procedures should be a living document that
changes as the business plan or business
environment changes. - The process of changing procedures represents a
flow of information from tactical risk agents to
strategic risk agents.
76Procedure ChangesAre Information
This is odd. That procedure has existed for ten
years, so why change it now? Something is going
on that I am not aware of. Is he planning on
doing something irresponsible? or is our
market changing?
Hi boss I need to do a transaction that is not
covered by our procedure. It is really important.
Can we change the procedure?
77Research Every Request
- Every request for a change in procedure needs a
formal review. - The request itself is telling you somethingfind
out what it is telling you. - One person should decide on the change.
- But a risk committee should accept the change.
78Information Flows
Risk Reports
Requests for Changes to Procedures
Tactical Risk Agents
79Procedures Should Change Frequently
- Procedures should reflect the minimum authority
necessary to achieve a business plan. - Evolving business conditions will necessitate
frequent expansion of procedures. - Every proposed change represents an information
flow. - Report requests for and decisions relating to
procedure changes in the daily risk report. - Annually review procedures to narrow them where
possible.
80Procedures Take Many Forms
- Authorized Transactions
- Data Security
- Risk Reports
- Catastrophe Planning
- Corporate Ethics
- Changes to Procedures
- Model Inventorying
- VaR Limits
- Stop-Loss Limits
- Credit Limits
- Sales Practices
- Background Checks
- Trade Confirmations
- Hedging Practices
Each organization chooses procedures appropriate
for achieving its own business plan.
81Organizational Risk Taking
82Exercise Five
83Definition
Financial Risk Management is the process whereby
an organization optimizes the manner in which it
takes financial risk.
84Role of Risk Managers
- What are risk managers responsible for?
- Can risk managers perform hedging trades?
- How should risk managers implement change within
the organization? - Where does risk managements responsibility for
risk end and senior managements responsibility
begin? - What constitutes success or failure in risk
management?
85Quote
Risk Management is like pushing on a
string. Electricity Risk Manager
86Business Model
- We need to define a business model for risk
management.
87Case Study
88Business Model
- There are two competing models for risk
management. - Most organizations use the wrong model.
89Wrong ModelRisk Managers as Super Risk Agents
- Risk managers
- Assess what risks are appropriate.
- Intervene in risk taking activities where
necessary. - Advise management on risk taking.
- With this model, risk managers are viewed as
super risk agents.
90Problems with the Wrong Model
- Formalizes group decision making
- Responsibility for each risk is divided
betweenat least one risk agent and a super risk
agent. - Who takes credit if a risk is successful?
- Who takes blame if a risk is a failure?
- No one is accountable.
- Based upon a flawed premise that risk agents
arent experts in taking risk.
91Correct Roles Should Be
- The role of strategic risk agents is to take
strategic risk. - The role of tactical risk agents is to take
tactical risk. - If they cant do their job
- Replace them with someone who can.
- Appointing a risk manager to help them treats
the symptom instead of the problem.
92Consequencesof the Wrong Model
- Tactical risk agents feel threatened
- Their careers depend upon successfully taking
risks. - Super risk agents threaten this role.
- Strategic risk agents focus less on risk
- They have delegated the problem.
- Risk managers become isolated
- Tactical risk agents avoid them.
- Often, strategic risk agents avoid them.
93Quote
Its a constant battle between us and the risk
police Capital Markets Trader
94Correct ModelRisk Managers as Facilitators
- Recognizes that strategic and tactical risk
agents are responsible for all risks. - Agency risk is addressed with
- Communication
- Oversight
- Vested Interest
- Someone has to facilitate these.
- This is the role of risk managers.
95Correct Model
- We dont need super risk agents.
- We need facilitators.
96Risk Management Facilitates
Strategic Risk Agents
Risk Reports
Requests for Changes to Procedures
Risk Management
Tactical Risk Agents
97Fundamental Tenetof the Right Model
- Risk management must be completely segregated
from risk taking. - Risk managers
- Do not take risk
- Do not advise on risk taking
- Do not have opinions about risks
- They facilitate
- No one can facilitate a process if they are a
participant in that process.
98Risk Managers Facilitate
- Open communication
- Clarifying responsibility
99Open Communication
- Strategic risk agents communicate with
- Business plans
- Policies and procedures
- Tactical risk agents communicate with
- Reports
- Information
- Supports effective decision making
- Makes recipients accountable
100Clarifying Responsibility
- One name must go on each riskeach decision.
- The process must be systematized because
- It is most likely to break down when issues
become contentious. - Contentious issues are a harbinger of risk.
101Wrong Model
102Right Model
103Comparison of Models
- Cooperative
- Addresses all risks
- Strategic risk agents act as risk agents.
- Accountability promoted for everyone.
- Confrontational
- Focus is tactical risk
- Strategic risk agents become mediators
- Strategic risk agent accountability is not
promoted.
104Exercise Six
105Case Study
106Implementing Risk Management
- Set goals
- Individual accountability
- Risk managers as facilitators
- To succeed, everyone needs to change how they
act - Strategic risk agents
- Tactical risk agents
- Risk managers
- We need to change the rules.
107Problem
- In theory, we want risk managers to facilitate
and not participate in risk taking. - In practice, this is impossible.
- Every decision a risk manager makes will give
clues about her opinions on risks. - Does she highlight a particular risk in the risk
report? - Does she mention a particular risk in a meeting?
- Does she enforce some procedure in a particular
situationor not bother? - Does she recommend new risk software?
108Problem
- Every decision a risk manager makes will shape in
some manner how the organization takes risk. - No matter how hard she tries to merely facilitate
risk taking, she inevitably also participates in
that risk taking. - It is impossible to facilitate a process without
somehow contributing to that process.
109Solution
- The Right Model for risk management can never be
fully achieved. - All risk management programs fall somewhere in a
continuum between the right and wrong models. - The goal is to get as close to the right model as
possible.
110The Right Model
- The Right Model is like a city on a hill.
- We never actually reach it.
- ... but we constantly strive to approach it.
111Organizational Rules
- Policies The written set of rules in an
organization. - Culture The Unwritten set of rules in an
organization.
112Impact of Culture
- Culture operates by shaping the personal risks
people face in the organization. - Can limit peoples ability to act or enhance it.
- Often personal risks shaped by culture do not
correlate with the risks of the organization - A board member who is afraid to rock the boat.
- A trader who is afraid to admit a mistake.
- A clerk who is afraid to speak up.
- This is bad culture.
113Bad Culture
- Paternalistic.
- Hierarchical.
- Group responsibility.
- People dont ask questions.
- People hoard information.
- Risk averse
114Quote
People at the London end of Barings were all so
know-all that nobody dared ask a stupid question
in case they looked silly in front of everyone
else. Nick LeesonRogue Trader
115Good Culture
- Entrepreneurial
- Flat organization
- Individual responsibility.
- People ask questions.
- People want to share information.
- Accepting of risk.
116Case Study
117Key to Success
- Risk management needs a positive corporate
culture to succeed. - Corporate culture comes from the top.
- Conclusion Risk management must come from the
top.
118Another Problem
- Risk management comes from the top.
- Competent, hands-on managers tend to implement
effective risk management, - ... but they need it least.
- Incompetent, self-serving managers tend to not
implement effective risk management, - ... but they need it most.
119Analogy
Risk management is like having a police force
that only patrols in safe neighborhoods.
120A Little History
- Financial risk management emerged in the early
1990s, for various reasons. - Primarily, it was an initiative of the financial
services industry to forestall regulation of the
OTC derivatives markets. - Perhaps its defining document was the Group of 30
report Derivatives Practices and Principles.
121Caveat Emptor
- Financial risk management successfully
forestalled derivatives regulation. - No one guaranteed it would actually work.
122Case Study
123Exercise Seven