Chapter 29: Risk measurement and reporting Flashcards
(22 cards)
What are the 2 key features that are assessed for all risk events?
- The probability of the event occurring
- The expected loss if the event occurs.
Describe how the risk identification “brainstorming” approach can be extended to obtain a subjective assessment of risk exposure.
The probability and severity of each risk event are both estimated (separately) using a simple scale.
The product of the probability and severity assessments gives a score on a scale. This provides an assessment of each risk event and allows them to be ranked and prioritized.
The assessment would be carried out with and without possible risk controls.
Outline how a model can be used to assess a risk event
Distributions need to be assigned to both the probability and severity of the risk event (unless the latter is a fixed amount rather than a PV, such as for a without profit term assurance policy).
To quantify the risk simply, the company could define an event and then use historical data to determine a probability distribution for that event. Alternatively, the frequency of the event could be defined and this could be used to determine the loss parameter.
A decision needs to be made as to whether a stochastic or deterministic model is appropriate.
The availability of data to parameterize the model may influence the decision as to which model (if any) is used. This is particularly important when considering rare events.
What are features of a risk that would make it more appropriate to model using a stochastic rather than a deterministic approach.
- The risk has a high score (high severity and/or frequency) and therefore is a high priority to assess carefully.
- The risk has a high variability of possible outcomes
- The risk has a lot of experience data on which to base the probability distributions
- The risk relates to financial guarantees or options
- The risk involves the mismatching of assets and liabilities.
State 5 ways of evaluating risks
- Scenario analysis
- Stress testing
- Combined stress and scenario testing
- Reverse stress testing
- Stochastic modelling
Outline 4 steps that should be involved in a scenario analysis to evaluate operational risk
- Group risks into broad categories. This should involve input from a wider range of senior individuals in the organisation
- Develop a plausible adverse scenario of risk events for each group of risks, which is representative of all the risks in the group.
- Calculate the consequences/costs of the risk event occurring for each scenario, again involving senior staff.
- Calculate the total costs of all risks represented by the scenario.
Suggest 6 categories into which operational risks might be divided for the purpose of scenario analysis
- Fraud
- Loss of key personnel
- Mis-selling of financial products
- Calculation error in the computer system
- Loss of business premises
- Loss of company e-mail access
What is stress testing?
Stress testing is a deterministic method of modelling extreme risk events. It is commonly used to model extreme market movements, but can be applied to other risks (e.g. credit, liquidity).
In relation to market risk it involves subjecting a portfolio to extreme market movements by radically changing the underlying assumptions and characteristics - including changing asset class correlations and volatilities, which are often observed to increase during extreme market events.
Outline 2 types of stress test
Two types of tests are designed to:
1. Identify ‘weak areas’ in the portfolio and investigate the effects of localised stress situations by looking at the effect of different combinations of correlations and volatilities.
2. Guage the impact of major market turmoil affecting all model parameters while ensuring consistency between correlations while they are stressed.
Explain what is meant by reverse stress testing
This is the combination of a severe stress scenario that only just allows the company to be able to fulfill its strategic business plan.
Equivalently, it is the scenario which would just be enough to stop them doing so.
The scenario might be financial or non-financial
Although it might be an extreme scenario, it must be plausible
Describe how a stochastic model could be used to evaluate a particular risk
The variables that give rise to the risk are treated as RVs with probability distributions.
The model must be dynamic, with full interactions / correlations between variables.
The model can be run to determine the amount of capital that it needs to (just) void ruin with a given probability.
Outline 3 approaches to limiting the ideal scope of a stochastic model in order to make the model more practical.
- Restrict the time horizon that the model projects
- Limit the number of variables that are modelled stochastically and model the other variables deterministically with scenario testing.
- Carry out a number of runs each with a different single stochastic variable, followed by a single deterministic run using all the worst case scenarios together.
Outline how the overall capital requirement for a combination of risks relates to the individual risk capital requirements, if the risk events are:
- fully dependent
- fully independent
- partially dependent
Fully dependent:
The overall capital requirement is the sum of the individual capital requirements
Fully independent:
The overall capital requirement is less than the sum of the individual capital requirements (the difference is the diversification benefit). Under certain assumptions, the overall capital requirement can be determined as the square root of the sum of the squares of the individual risk capital requirements.
Partially dependent:
The overall capital requirement is less than the sum of the individual risk capital requirements. The diversification benefit depends on the degree of correlation (possibly negative) between the risks.
List 3 methods of aggregating partially dependent risks
- Stochastic model
- Correlation matrix
- Copulas
Discuss the advantages and disadvantages of the notional approach
Advantages:
* Simple to implement and interpret across a diverse range of organisations.
Disadvantages:
* Potential undesirable use of a ‘catch all’ weighting, for undefined asset classes
* Possible distortions to the market caused by increased demand for asset classes with high weightings
* Treating short positions as if they were the exact opposite of the equivalent long position (in practice, they might affect the capital requiremetns to different extents)
* No allowance for concentration risk, as the risk weighting for an asset class is the same irrespective of whether the investment in that asset class consists of a single security or a variety of different securities.
* The probability of the changes considered is not quantified.
Discuss the advantages and disadvantages of the factor sensitivity approach
Advantages:
* Increased understanding of the drivers of risk
Disadvantages:
* Not assessing a wider range of risks, by focusing upon a single risk factor
* Being difficult to aggregate over different risk factors
* The probability of the changes considered is not quantified.
List the 4 probabilitistic approaches to measuring risk
- Deviation
- Value at Risk
- Probability of ruin
- Tail Value at Risk
How can liability risks be measured?
Liability risks can be measured by an analysis of experience, e.g. actual deaths divided by expected deaths.
It is important to ensure consistent classification and measurement of the risk event and the exposure to risk.
Discuss the advantages and disadvantages of VaR
Advantages:
* The simplicity of its expression
* The intelligibility of its units, i.e. money
* Its applicability to all types of risks
* Its applicability over all sources of risk - facilitating easy comparisons between products and across businesses its inherent allowance for the way in which different risks interact to cause losses.
* The ease of its translation into a risk benchmark, e.g. risk limit.
Disadvantages:
* It gives no indication of the distribution of losses greater than the VaR
* It can under-estimate asymmetric and fat-tail risks as it does not quanitfy the size of the ‘tail’
* It can be very sensitive to the choice of data, parameters and assumptions
* VaR is not always sub-additive (Subadditivity means that a merger of risk situations does not increase the overall level of risk)
* If used in regulation it may encourage ‘herding’, thereby increasing systemic risk
Describe what is meant by a “risk portfolio” and what it might contain
The risk portfolio categorises the various risks to which the business is exposed to. Against each risk would be recorded a quantification of its impact and probability.
The risk portfolio can then be extended to indicate how the risk has been dealt with (avoided, retained, diversified, mitigated).
For risks that are retained, the risk portfolio becomes a more detailed risk register. It would also include:
* details of control measures
* reassessment of value and impact after controls
* the risk owner
* the board committee or senior manager with oversight of the risk
* identification of concentrations of risk and the need for management action in these areas.
Give 10 reasons why regular risk reporting is important within a business
- To identify any new risks faced by the business
- Obtain a better understanding of the risks faced by the business in terms of quantifying the materiality and financial impact of individual risks
- To determine appropriate risk and control systems to manage specific risks
- Proactively monitor and manage the effectiveness of risk and control systems within its business
- Assess whether the risks faced by a business are changing over time
- Assess the interaction between individual risks
- Appropriately price, reserve and determine any capital requirements for its business.
- Give shareholders or potential shareholders in a business a greater understanding of the attractiveness of that business for investment
- Help credit rating agencies determine an appropriate rating for the business
- Give a regulator a greater understanding of the areas within a business which could require more scrutiny.
Explain why, if risk is managed at the enterprise level, it is necessary to have a coherent system of risk reporting across the whole enterprise.
By budgeting for risk across the whole enterprise, maximum use can be made of diversification benefits, and thus the minimum capital required to support the risks undertaken.
One of the consequences of this approach is that it is necessary to have a system of risk reporting across the whole enterprise. It is important for the CRO to be aware of whether all business units are using the risk allocation that they have been given.
If 2 business units are allocated risk exposures that diversify away, but one of the two units does not take on the risk exposure allocated, this could increase the capital requirements of the enterprise.
