Secrets of Financial Risk Management

1
Secrets ofFinancial Risk Management
2
External Financing of Barings Futures (Japan)
Limited
800
Bank loans to Baring Securities (Japan) Limited
JGBs loaned to Baring Securities (Japan) Limited
600
Pounds (millions)
400
200
0
Dec 1994 Jan 1995
Feb 1995
Source Bank of England, Board of Banking
Supervision
3
Internal Financing of Barings Futures
(Singapore) Limited
Source Bank of England, Board of Banking
Supervision
4
Quote
Were calling it theBarings Overhang. Two
days before the collapse Newspaper ReporterTokyo
5
Quote
One specific concern in the futures area is the
level of margin calls paid by BSL London without
knowing precisely on whose behalf the cash is
being paid. Internal memo,seven months prior to
the collapse James BakerInternal Audit, London
6
Quote
We were not in a position in London to actually
check the validity of the sums in total being
requested. Recollections Tony GambySettlements
Director, London
7
Quote
We just accepted his word that the figures
required ran into millions. Recollections Tony
HawesGroup Treasurer, London
8
Quote
I did not look at this as a reconciliation
problem for myself. Recollections Brenda
GrangerHead of Futures and Options Settlement,
London
9
Quote
You could say that it was a finance function
responsibility you could say that it was a
Futures and Options Settlements responsibility
you could say it was a Treasury responsibility. I
think it was probably the responsibility of all
three, but this is certainly something we wanted
to resolve. Recollections Ian HopkinsHead of
Group Treasury and Risk, London
10
Quote
Awaiting breakdown from my buddy Nick (once
they creatively allocate the numbers). Internal
E-mail,one month prior to the collapse Brenda
GrangerHead of Futures and Options Settlements,
London
11
Quote
We understand that the relationship between Tony
Hawes, who arranged the funding, and Ron Baker
and Waltz, who were seeking the funding, was not
good. Report on the Collapse Bank of England
12
Quote
Mary was aggressive and definitely had an
attitude about the way in which Treasury was
run. Recollections Tony HawesGroup Treasurer,
London
13
Quote
I am not walking away from the fact that I knew
that there were margin calls, and I knew that
there were hundreds of millions of dollars
involved it was not something that I felt the
responsibility for working out the details
of. Recollections Ron BakerHead of Financial
Products Group, London
14
What is Risk?

• Volatility in the price of electricity
• A possible computer crash
• Uncertainty in a counterpartys ability to meet
  obligations
• Questionable liquidity in a financial market
• Possible fraud by employees
• Not knowing what a colleague is thinking
• Skiing Jackson Hole, Wyoming

15
Exercise One
16
Definition
Risk is exposure to uncertainty.
17
Exposure

• Exposure is caring if something happens.
• We can be exposed to
• Weather
• Pain
• Loss
• Caring is a subjective, personal experience.
• Exposure is a subjective, personal experience.

• Taxes
• Deception
• Fraud

• Inflation
• Violence
• Happiness

18
Uncertainty

• Uncertainty is Ignorance.
• Ignorance is personal
• Two people can have different knowledge about
  something.
• Ignorance is subjective
• We can be ignorant and not even know it.
• Two people can have contradictory knowledge.
• Uncertainty is a subjective, personal experience.

19
Nature of Risk

• Risk is subjective.
• Risk is personal.

20
Exercise Two
21
Part 1
You are exposed, but there is no uncertainty.
There is no risk.
22
Part 2
You are exposed, and you are uncertain. There is
risk.
23
Part 3
Since the die is 10-sided, the probability of
losing 100 is 10.
24
Part 4
The rock is definitely uncertain,but it is
incapable of caring. Because there is no
exposure. The rock has no risk.
25
Part 5
Like the rock in the last question, the company
is incapable of caring. The company faces no risk.
26
Conclusion

• Companies dont take risk.
• People do.

A company is a conduit of risk.
27
Conclusion

• Companies dont have goals.
• People do.

A company is a means of achieving those goals.
28
Goals Risks

• Wherever there are goals there are risks.
• Wherever there are no goals, there are no risks.

29
A Company is a Conduit of Risk
Stock Holders
Regulators
Customers
Management
Board
Company
Auditors
Employees
Suppliers
Creditors
Society
30
Exercise Three
31
We Talk as if Companies Took Risk

• We dont say
• Fred lost 100MM of the shareholders money.
• Instead, we say
• The company lost 100MM.

32
We Talk as if Companies Took Risk

• We dont say
• Jane is exposing the shareholdersto a 25MM
  loss.
• Instead, we say
• The company has a 25MM exposure.

33
Managing Risk

• To manage risk, we have to acknowledge that
  companies dont take risk.
• All risks accrue to people.
• Board members, management and employees are
  agents of those people.
• They take risk on their behalf.
• We may shape their behavior by imposing
  correlated risks on them.

34
Definitions

• Risk taker Someone who takes risk on his own
  behalf.
• Risk agent Someone who takes risk on another
  persons behalf.
• Risk client Someone who takes risk through an
  agent.

35
Informal Distinction

• Strategic risk agent Someone who takes strategic
  risks on behalf of someone else.
• Tactical risk agent Someone who takes tactical
  risks on behalf of someone else.

36
Simple Risk Taking
Individual risk taker
37
Agency Risk Taking
risk client
risk agent
38
Complex Risk Taking
risk client
Strategic risk agent
Tactical risk agents
39
More Complex Risk Taking
40
Highly Complex Risk Taking
41
Case Study

• Company A

42
Agency Risk

• Agency risk is the risk from employing someone
  else to take risk on our behalf.
• Risk increases with the number of agents

43
Addressing Agency Risk

• Communication
• Two-way communication is essential.
• Oversight
• Investigate agents backgrounds.
• Investigate conflicts of interest.
• Be aware of agents activities.
• Vested Interest
• Impose on the agent a risk that is correlated to
  yours.
• Incentives They gain when you gain.
• Disincentives They lose when you lose.

44
Role of Communication

• Communication is essential whenever we employ
  risk agents.
• Must be two-way communication.
• Client communicates with
• Business Plan
• Policies and procedures
• Agent communicates with
• Reports
• Requests for changes to procedures

45
Role of Oversight

• Useful for addressing known or predictable
  aspects of risks
• Known market risks
• Known patterns of fraud
• Known sources of credit risk
• Known security risks
• These are often tactical risks.

46
Role of Vested Interests

• Useful for addressing unanticipated or
  unpredictable aspects of risks
• New market risks
• New patterns of fraud
• New sources of credit risk
• New security risks
• These are often Strategic risks.

47
Example
How can a group address risks it does not
anticipate?
48
Quote
The one that gets you is the oneyou never
see. Unknownfighter pilot
49
None Anticipated the Risk

• Orange County (1994)
• Barings Brothers (1995)
• Daiwa Bank (1995)
• Sumitomo Corp. (1996)
• LTCM (1998)

50
Solution

• You cant address a risk you dont anticipate.
• The key is making sure someone does anticipate
  it.
• Do employees care?
• Are they lying awake at night worrying about
  risk?
• or do they feel if something goes wrong,it
  wont affect me.
• Give them a vested interest by holding them
  accountable.

51
Making People Accountable

• Individual decision making.
• Inform people.
• Make people responsible.

52
Individual Decision Making

• Every decision must be made by one person.
• Groups make poor decisions because groups are not
  accountable.
• If one persons name goes on a decision, he will
  sweat the details.

53
Quote
This one-for-all-and-all-for-one bit has been
about losing money together. Electricity Risk
Manager
54
Value of Groups

• Groups have broader knowledge than individuals.
• Individual decision makers should always have
  access to group members opinions.
• For certain decisions, you can require a second
  person or committee to accept a decision.
• They cant make the decision themselves.
• If they reject a decision, they can only refer it
  to some other individual to make.
• An individual must be responsible.

55
Informing People

• Without information, no one is accountable.
• Make people accountable by giving them all the
  information they need
• Data
• Reports
• Training
• Opinions
• Document that the information was provided.

56
Example Orange County
County supervisors claim they were not provided
critical information that would have indicated
the risks Citron was taking.
Were they accountable?
57
ExampleSinking of the Ehime Maru
"My career is terminatedan accident of this
sort, whether or not I am exonerated, will end my
career. Scott Waddle,Commander, USS Greeneville
On February 9, 2001, the US submarine Greeneville
accidentally rammed and sank the Japanese fishing
vessel Ehime Maru. Nine lives were lost.
58
Exercise Four
59
Solution
Group Discussion
60
Group Decisions
61
Individual Decisions
62
Making People Responsible

• Making people responsible means letting go.
• You cant let someone make a decision on
  condition they make the right decision.
• You have to let them decide.
• Having to abide with decisions we dont like is
  better than group responsibility.

63
Quote
Mary is getting pissed off about allthe
structured products were parking in her
portfolio. Financial Executive
64
Challenge

• Many risks dont fit into neat packages.
• They involve different risk agents in various
  departments.
• How can we allocate responsibility?

65
Example

• A bank loses money selling a new form of exotic
  derivative.
• Who is accountable for this risk?
• The vice president who approved the product?
• The financial engineer who could have warned
  about possible mishaps?
• The trader who was responsible for hedging the
  exposures?
• The manager who might have questioned the large
  volume being sold?

66
Example

• A electricity trading firm sells a 5-year
  wholesale contract for electricity.
• Because of the long maturity, hedging is
  difficult.
• When the company loses money on the deal, who do
  we blame
• The sales person who sold the deal?
• The manager who approved it?
• The trader who might have hedged it?

67
Example Requirements Service Electricity
Contracts
Hedging with call options will be too expensive.
68
Example Requirements Service Electricity
Contracts

• A strategic decision needs to be made.
• Will it be the right decision?
• Will anyone be accountable?

69
Challenges of FacilitatingStrategic Decision
Making

• Identifying when a decisions needs to be made.
• Avoiding group decision making.
• Avoiding informal individual decision making (no
  documentation or accountability).
• Ensuring decisions actually are madeor arent
  made by default.

70
Solution
Policies Procedures
71
Policies

• Policies are high-level guidelines for how an
  organization will pursue its business plan
• Generally issued by the board of directors
• Describe roles, committees and an overall
  decision making process for the organization.
• Policies are not specific to any particular
  business plan.
• They can largely remain the same as a business
  plan evolves.

72
Procedures

• Procedures are detailed rules for how an
  organization will pursue its business plan
• Approved by management
• Specifies things like authorized transactions,
  work processes, risk limits, etc.
• Procedures are specific to a particular business
  plan.
• They are revised as the business plan evolves.

73
Bureaucracy

• People often fear formalized procedures because
  they associate them with bureaucracy.
• Bureaucracy is the failure of formalized
  procedures.
• Bureaucracy stifles activity and suppresses
  innovation.
• Effective procedures have the opposite effect.

74
Role of Procedures

• People who fear procedures tend to view them as
  restricting employees actions.
• Instead, they empower employees.
• Procedures grant employees specific authority to
  take risks on behalf of the organization.

Is the glass half full or half empty?
75
Procedures are for Changing

• Static procedures that never change are
  bureaucracy.
• Procedures should be a living document that
  changes as the business plan or business
  environment changes.
• The process of changing procedures represents a
  flow of information from tactical risk agents to
  strategic risk agents.

76
Procedure ChangesAre Information
This is odd. That procedure has existed for ten
years, so why change it now? Something is going
on that I am not aware of. Is he planning on
doing something irresponsible? or is our
market changing?
Hi boss I need to do a transaction that is not
covered by our procedure. It is really important.
Can we change the procedure?
77
Research Every Request

• Every request for a change in procedure needs a
  formal review.
• The request itself is telling you somethingfind
  out what it is telling you.
• One person should decide on the change.
• But a risk committee should accept the change.

78
Information Flows
Risk Reports
Requests for Changes to Procedures
Tactical Risk Agents
79
Procedures Should Change Frequently

• Procedures should reflect the minimum authority
  necessary to achieve a business plan.
• Evolving business conditions will necessitate
  frequent expansion of procedures.
• Every proposed change represents an information
  flow.
• Report requests for and decisions relating to
  procedure changes in the daily risk report.
• Annually review procedures to narrow them where
  possible.

80
Procedures Take Many Forms

• Authorized Transactions
• Data Security
• Risk Reports
• Catastrophe Planning
• Corporate Ethics
• Changes to Procedures
• Model Inventorying

• VaR Limits
• Stop-Loss Limits
• Credit Limits
• Sales Practices
• Background Checks
• Trade Confirmations
• Hedging Practices

Each organization chooses procedures appropriate
for achieving its own business plan.
81
Organizational Risk Taking
82
Exercise Five
83
Definition
Financial Risk Management is the process whereby
an organization optimizes the manner in which it
takes financial risk.
84
Role of Risk Managers

• What are risk managers responsible for?
• Can risk managers perform hedging trades?
• How should risk managers implement change within
  the organization?
• Where does risk managements responsibility for
  risk end and senior managements responsibility
  begin?
• What constitutes success or failure in risk
  management?

85
Quote
Risk Management is like pushing on a
string. Electricity Risk Manager
86
Business Model

• We need to define a business model for risk
  management.

87
Case Study

• Company B

88
Business Model

• There are two competing models for risk
  management.
• Most organizations use the wrong model.

89
Wrong ModelRisk Managers as Super Risk Agents

• Risk managers
• Assess what risks are appropriate.
• Intervene in risk taking activities where
  necessary.
• Advise management on risk taking.
• With this model, risk managers are viewed as
  super risk agents.

90
Problems with the Wrong Model

• Formalizes group decision making
• Responsibility for each risk is divided
  betweenat least one risk agent and a super risk
  agent.
• Who takes credit if a risk is successful?
• Who takes blame if a risk is a failure?
• No one is accountable.
• Based upon a flawed premise that risk agents
  arent experts in taking risk.

91
Correct Roles Should Be

• The role of strategic risk agents is to take
  strategic risk.
• The role of tactical risk agents is to take
  tactical risk.
• If they cant do their job
• Replace them with someone who can.
• Appointing a risk manager to help them treats
  the symptom instead of the problem.

92
Consequencesof the Wrong Model

• Tactical risk agents feel threatened
• Their careers depend upon successfully taking
  risks.
• Super risk agents threaten this role.
• Strategic risk agents focus less on risk
• They have delegated the problem.
• Risk managers become isolated
• Tactical risk agents avoid them.
• Often, strategic risk agents avoid them.

93
Quote
Its a constant battle between us and the risk
police Capital Markets Trader
94
Correct ModelRisk Managers as Facilitators

• Recognizes that strategic and tactical risk
  agents are responsible for all risks.
• Agency risk is addressed with
• Communication
• Oversight
• Vested Interest
• Someone has to facilitate these.
• This is the role of risk managers.

95
Correct Model

• We dont need super risk agents.
• We need facilitators.

96
Risk Management Facilitates
Strategic Risk Agents
Risk Reports
Requests for Changes to Procedures
Risk Management
Tactical Risk Agents
97
Fundamental Tenetof the Right Model

• Risk management must be completely segregated
  from risk taking.
• Risk managers
• Do not take risk
• Do not advise on risk taking
• Do not have opinions about risks
• They facilitate
• No one can facilitate a process if they are a
  participant in that process.

98
Risk Managers Facilitate

• Open communication
• Clarifying responsibility

99
Open Communication

• Strategic risk agents communicate with
• Business plans
• Policies and procedures
• Tactical risk agents communicate with
• Reports
• Information
• Supports effective decision making
• Makes recipients accountable

100
Clarifying Responsibility

• One name must go on each riskeach decision.
• The process must be systematized because
• It is most likely to break down when issues
  become contentious.
• Contentious issues are a harbinger of risk.

101
Wrong Model
102
Right Model
103
Comparison of Models

• Cooperative
• Addresses all risks
• Strategic risk agents act as risk agents.
• Accountability promoted for everyone.

• Confrontational
• Focus is tactical risk
• Strategic risk agents become mediators
• Strategic risk agent accountability is not
  promoted.

104
Exercise Six
105
Case Study

• Company C

106
Implementing Risk Management

• Set goals
• Individual accountability
• Risk managers as facilitators
• To succeed, everyone needs to change how they
  act
• Strategic risk agents
• Tactical risk agents
• Risk managers
• We need to change the rules.

107
Problem

• In theory, we want risk managers to facilitate
  and not participate in risk taking.
• In practice, this is impossible.
• Every decision a risk manager makes will give
  clues about her opinions on risks.
• Does she highlight a particular risk in the risk
  report?
• Does she mention a particular risk in a meeting?
• Does she enforce some procedure in a particular
  situationor not bother?
• Does she recommend new risk software?

108
Problem

• Every decision a risk manager makes will shape in
  some manner how the organization takes risk.
• No matter how hard she tries to merely facilitate
  risk taking, she inevitably also participates in
  that risk taking.
• It is impossible to facilitate a process without
  somehow contributing to that process.

109
Solution

• The Right Model for risk management can never be
  fully achieved.
• All risk management programs fall somewhere in a
  continuum between the right and wrong models.
• The goal is to get as close to the right model as
  possible.

110
The Right Model

• The Right Model is like a city on a hill.
• We never actually reach it.
• ... but we constantly strive to approach it.

111
Organizational Rules

• Policies The written set of rules in an
  organization.
• Culture The Unwritten set of rules in an
  organization.

112
Impact of Culture

• Culture operates by shaping the personal risks
  people face in the organization.
• Can limit peoples ability to act or enhance it.
• Often personal risks shaped by culture do not
  correlate with the risks of the organization
• A board member who is afraid to rock the boat.
• A trader who is afraid to admit a mistake.
• A clerk who is afraid to speak up.
• This is bad culture.

113
Bad Culture

• Paternalistic.
• Hierarchical.
• Group responsibility.
• People dont ask questions.
• People hoard information.
• Risk averse

114
Quote
People at the London end of Barings were all so
know-all that nobody dared ask a stupid question
in case they looked silly in front of everyone
else. Nick LeesonRogue Trader
115
Good Culture

• Entrepreneurial
• Flat organization
• Individual responsibility.
• People ask questions.
• People want to share information.
• Accepting of risk.

116
Case Study

• Company D

117
Key to Success

• Risk management needs a positive corporate
  culture to succeed.
• Corporate culture comes from the top.
• Conclusion Risk management must come from the
  top.

118
Another Problem

• Risk management comes from the top.
• Competent, hands-on managers tend to implement
  effective risk management,
• ... but they need it least.
• Incompetent, self-serving managers tend to not
  implement effective risk management,
• ... but they need it most.

119
Analogy
Risk management is like having a police force
that only patrols in safe neighborhoods.
120
A Little History

• Financial risk management emerged in the early
  1990s, for various reasons.
• Primarily, it was an initiative of the financial
  services industry to forestall regulation of the
  OTC derivatives markets.
• Perhaps its defining document was the Group of 30
  report Derivatives Practices and Principles.

121
Caveat Emptor

• Financial risk management successfully
  forestalled derivatives regulation.
• No one guaranteed it would actually work.

122
Case Study

• Company E

123
Exercise Seven