Risk Management Flashcards
(32 cards)
Risk
Exposure to uncertainty. More colloquially, risk is about the chance of a loss or adverse outcome as a result of an action, inaction, or external event. Return without risk is a false hope. Many decision makers focus on return, which is not something that is easily controlled, as opposed to risk, or exposure to risk, which may actually be managed or controlled.
Risk exposure
state of being exposed or vulnerable to a
risk. Risk exposure results from the decisions of an organization or investor to take on risk-sensitive assets and liabilities.
Risk Management (7 Steps)
Process by which an organization or individual defines the level of risk to be taken, measures the level of risk being taken, and adjusts the latter toward the former, with the goal of maximizing the company’s or portfolio’s value or the individual’s overall satisfaction, or utility. It is not about predicting risks. Instead, it means that if an unpredictable event, either positive or negative, happens in an uncertain world, the impact of that event on the organization or portfolio would not be a surprise and would have been quantified and considered in advance. In a good risk mgt process, most of the work is done before an adverse event happens. It is a continuous process which is always being reevaluated & revised. It is not about minimizing risk but measuring risk exposure & defining level of risk appetite
Risk Governance
Normally performed at the board level, governance is how goals are defined, authority is granted, and top-level decisions are made. The foundation for risk mgt in the organization is set at the board level as well. Risk governance is the top- down process and guidance that directs risk management activities to align with and support the overall enterprise
Enterprise risk management (part of risk governance step)
An overarching governance approach applied throughout the organization and consistent with its strategy, guiding the risk management framework to focus risk activities on the objectives, health, and value of the entire organization. Requires entire economic BS of business is considered, not just assets or one part of business in isolation. Equally applicable to individual. Because of the extremely variable life cycle of an individual and the
discrete nature of many individuals’ goals, the enterprise view is even more important to risk mgt for individuals than it is for institutions. The appropriate set of risks for an individual must be viewed not in isolation, but in consideration of the goals and characteristics of the individual in a holistic view.
Risk identification and measurement
The main quantitative core of risk management; but more than that, it must include the qualitative assessment and evaluation of all potential sources of risk and the organization’s risk exposures. The power of technology has allowed for risk management to be more quantitative and timely
Risk Infrastructure
Refers to the people and systems required to track risk exposures and perform most of the quantitative risk analysis to allow an assessment of the organization’s risk profile. Infrastructure would include risk capture (the important operational process by which a risk exposure gets populated into a risk system), database and data model, analytic models and systems, a stress or scenario engine, and an ability to generate reports, as well as some amount of skilled and empowered personnel resources dedicated to building and executing the risk framework.
Policies and processes
Extension of risk governance into both the day-to-day operation and decision-making processes of the organization.
Risk monitoring, mitigation, and management
The most obvious facet of a risk framework, but also one of the most difficult processes. This is where much of a firm’s day to day risk mgt activity focuses. There is a major decision at the monitoring stage: Management must check that all the risks are in line and not outside the limits of the defined risk tolerance or budget. This process involves evaluating the actual risk exposures compared with the organization’s risk policies and procedures to ensure that everything is in compliance. If the answer is “no,” then risk mitigation and management actions need to be taken to modify risk levels and to bring them back into compliance. When risks are in line with limits, policies, tolerances, mandates, and so on, then the process moves back to continuous monitoring followed by communicating risk levels
Communication of critical risk issues
Must happen continually and across all levels of the organization
Strategic analysis or integration
Help turn risk management into an offensive weapon to improve performance. Good risk management is a key to increasing the value of the overall business or portfolio
Risk tolerance
The most important element of good risk governance is the risk tolerance discussion and decision within the governing body. Risk tolerance identifies the extent to which the organization is willing to experience losses or opportunity costs and to fail in meeting its objectives. The risk tolerance decision for an individual is similar, but not identical, to that of a business enterprise. The individual’s risk tolerance decision is the harder one. The risk tolerance decision begins with two different analyses that must be integrated—an “inside” view and an “outside” view. First, what shortfalls within an organization would cause it to fail, or at least fail to achieve some critical goals? Second, what uncertain forces is the organization exposed to? on. This risk tolerance should be formally chosen and communicated before a crisis, and will serve as the high-level guidance for management in its strategic selection of risks. Many organizations will do this after a crisis, which is better than not doing it at all but is much like buying insurance after the loss occurs. Factors that shall not determine risk tolerance are Personal motivations, beliefs, and agendas of board members (the agency problem); company size; whether the market environment seems stable; short-term pressures; and management compensation often affect risk tolerance in ways that might not be in line with the owners’ best interests.
Risk Budgeting
Picks up where risk tolerance leaves off. Whereas risk tolerance focuses on the appetite for risk and what is and is not acceptable, risk budgeting has a more specific focus on how that risk is taken. Risk budgeting quantifies and allocates the tolerable risk by specific metrics; it extends and guides implementation of the risk tolerance decision. Risk budgeting applies to both business management and portfolio management. Equity is traditionally riskier than hedge funds, but some equities are of quite low risk and some hedge funds are of quite high risk. This is not formally required but good to have. It can be complex & multi dimensional or simple, one dimensional (VAR, SD, Beta, Scenario loss & etc.). A benefit of risk budgeting is that it considers risk tradeoffs
Financial vs Non financial risk
Set of risks that originate from the financial markets (Market risk, Credit risk, Liquidity risk) vs those that emanate from outside the financial markets (Settlement risk - occurs just before default, legal risk, compliance risk (regulatory risk, a/cing risk, tax risk), Model risk, tail risk - more event in the tail of distribution than would be expected by probability models (ignoring tail risk is a form of model risk), Operational risk (Internal risk) - arises from inadequate or failed people, system & internal policies as well as from external events that are beyond control of organization but affect its operation, cyber risk & Terrorism - major operational risk, Solvency risk - runs out of cash which can be mitigated but never eliminated, Mortality risk - Manifested
by a termination of the income stream generated by the person, Longevity risk - risk of outliving one’s financial resources.)
Mkt risk
Arises from movements in interest rates, stock prices, exchange rates, and commodity prices. The most obvious and visible risks faced by most organizations and many individuals. The financial markets receive considerable attention in the media, and information on financial market activity is abundant
Credit risk (Default or Counterparty risk)
the risk of loss if one party fails to pay an amount owed on an obligation, such as a bond, loan, or derivative, to another party. The root source of the risk can arise from fundamental conditions in the economy, industry, or weakness in the market for a company’s products. Ultimately, default is an asset-specific risk.
Liquidity risk (TC risk)
Risk of a significant downward valuation adjustment when selling a financial asset. In order to sell an asset, a party may need to reduce the price to a level that is less than the marked value or the seller’s assessment of the asset’s true value based on the fundamentals of the asset. The liquidity risk of a $10 stock purchased for $10 is not the risk that one would receive the “bid” price of only $9.99 right after one bought it. That $0.01 spread is a known cost when the stock is purchased, so it is not a risk. The risk is that this spread cost might increase dramatically as a result of either changing market conditions or attempting to maintain a position significantly larger than the normal trading volume for the stock
Rogue trader
the risk that a trader or portfolio manager will fail to follow laws, rules, or guidelines and put the company at great financial risk. A rogue trader is a trader who engages in risky transactions without regard for the organization’s limits or conforming to its controls.
Risk are independent?
Risks do not usually arise independently,
but generally interact with one another, a problem that is even more critical in stressed market conditions. The resulting combined risk is practically always non-linear in that the total risk faced is worse than the sum of the risks of the separate components.
Risk metrics
Probability is a measure of the relative frequency with which one would expect an outcome, series of outcomes, or range of outcomes to occur. Probability is not a sufficient metric of risk. SD is a measure of the dispersion in a probability distribution. SD measures a range over which a certain percentage of the outcomes would be expected to occur. SD may not be an appropriate measure of risk for non-normal distributions. Standard deviation may not exist for return distributions with fat tails. Beta measures relative risk, meaning how much market risk an asset contributes to a well-diversified portfolio. The sensitivity of the derivative price to a small change in the value of the underlying asset is called the delta. It is perhaps the most important measure of derivatives risk. Yet delta is limited to capturing only small changes in the value of the underlying. Large changes are captured by the concept of gamma. Whereas delta is a first-order risk, gamma is considered a second-order risk because it reflects the risk of changes in delta. Some derivatives, such as options, are also sensitive to changes in the volatility of the underlying. This risk is captured by a concept called vega, which is a first-order measure of the change in the derivative price for a change in the volatility of the underlying. Derivatives are also sensitive to changes in interest rates, which are reflected in a measure called rho. Duration is a measure of the interest rate sensitivity of a fixed-income instrument. Analogous to delta, it is a first-order risk. VaR is a measure of the size of the tail of the distribution of profits on a portfolio or for an organization.
Value at risk
It contains three elements: an amount stated in units of currency, a time period, and a probability. In a VaR measure, there is no ultimate maximum that one can state. VaR is thus a minimum extreme loss metric. VaR can also be used to measure credit losses, although the construction of the measure is considerably more difficult given the extreme asymmetry of the risk. VaR is a simple but controversial measure. VaR is subject to the same model risk as derivative pricing models. VaR is based on a particular assumption about the probability distribution of returns or profits. If that assumption is incorrect, the VaR estimate will be incorrect. The maximum loss is the entire equity of an organization or the entire value of a portfolio, but the statistics
used to estimate VaR can be used to gauge average extreme losses. Conditional VaR
or CVaR is a common tail loss measure, defined as the weighted average of all loss outcomes in the statistical distribution that exceed the VaR loss. Another tail risk metric in the credit risk space that is analogous to CVaR is expected loss given default, which answers the question for a debt security, “If the underlying company or asset defaults, how much do we lose on average?” VaR focuses on the left tail of the distribution and purports to tell us the expected frequency of extreme negative returns, but it can understate the actual risk.
Extreme value theory
Measures of the statistical characteristics of outcomes that occur in the tails of the distribution.
Measures to complement VAR
Scenario analysis can be thought of as a package of stress tests, usually with some common underlying theme. A scenario defines a set of conditions or market movements that could occur and would put some pressure on a portfolio. A different means of posing a scenario analysis is stress testing, which is done by proposing specific asset price moves generally involving extremely large and high pressure scenarios that would occur only rarely but would have the potential for destabilizing the entire organization
Other measures of credit risk
credit VaR, probability of default, expected loss given default, and the probability of a credit rating change.
