FRM Exam Part I PDF 2024

® @GARP FRM I Financial Risk Manager 2024 ® EXAM PART I Foundations of Risk Management @Pearson Copyright© 2024, 2023, 2022, 2021, 2020 by the Global Association of Risk Professionals All rights reserved. This copyright covers material written expressly for this volume by the editor/s as well as the compilation itself. It does not cover the individual selections herein that first appeared elsewhere. Permission to reprint these has been obtained by Pearson Education, Inc. for this edition only. Further reproduction by any means, electronic or mechanical, including photocopying and recording, or by any information storage or retrieval system, must be arranged with the individual copyright holders noted. All trademarks, service marks, registered trademarks, and registered service marks are the property of their respective owners and are used herein for identification purposes only. Pearson Education, Inc., 221 River Street, Hoboken, NJ 07030 A Pearson Education Company www.pearsoned.com Printed in the United States of America @Pearson ISBN 10: 0-13-832456-5 ISBN 13: 978-0-13-832456-8 Contents 1.6 Structural Change: From Chapter 1 The Building Blocks Tail Risk to Systemic Crisis 12 of Risk Management 1 1.7 Human Agency and Conflicts of Interest 12 1.1 Typology of Risks and Risk 1.8 Risk Aggregation 13 Interactions 2 1.9 Balancing Risk and Reward 14 Market Risk 4 1.1 O Enterprise Risk Management Credit Risk 5 (ERM): More Than Adding Liquidity Risk 5 Up Risk? 15 Operational Risk 6 Business and Strategic Risk 6 Questions 17 Reputation Risk 7 Answers 19 1.2 The Risk Management Process 7 1.3 Identifying Risk: Knowns and Unknowns 8 Chapter 2 How Do Firms Manage Financial 1.4 Quantitative Risk Metrics 10 Expect the Unexpected 10 Risk? 21 From Unexpected to Extreme 10 Risky Relationships 10 2.1 Background: The Modern Value-at-Risk 11 Imperative to Manage Risk 22 Expected Shortfall 11 Risks from Using Risk Management 1.5 Risk Factor Breakdown and Instruments 23 Interactions Between Factors 11 Hedging Philosophy 23 iii 2.2 Risk Appetite-What Is It? 24 The Evolving Role of a Risk Advisory Director 50 2.3 Risk Mapping 26 The Special Role of the Board Risk 2.4 Strategy Selection: Accept, Management Committee 50 Avoid, Mitigate, Transfer 26 3.5 Risk Appetite and Business 2.5 Rightsizing Risk Management 27 Strategy: The Role of Incentives 50 2.6 Risk Transfer Toolbox 28 The Role of the CRO 50 Beer and Metal 29 Limits Policies 51 Airline Risk Management: Monitoring Risk 52 Turbulence Ahead 30 Interest Rate Risk and Foreign 3.6 Incentives and Risk-Taking 52 Exchange Risk Management 31 3.7 The Interdependence of 2.7 What Can Go Wrong in Organizational Units in Risk Corporate Hedging? 32 Governance 53 Summary 33 3.8 Assessing the Bank's Audit Questions 34 Function 54 Answers 36 Questions 56 Answers 58 Chapter 3 The Governance of Risk Management 39 Chapter 4 Credit Risk Transfer 3.1 The Post-Crisis Regulatory Mechanisms 61 Response 42 After the Crisis: Industry Restructuring and the Dodd-Frank Act 44 4.1 Overview of Credit Risk The European Regulatory Response to Transfer Mechanisms 62 the GFC: SREP and EBA Stress Tests 45 4.2 How Credit Risk Transfer 3.2 Infrastructure of Risk Can Be Useful 63 Governance 45 The Board and Corporate Governance 45 4.3 The Mechanics of From Corporate Governance to Securitization 65 Best-Practice Risk Management 46 4.4 From Buy-and-Hold to 3.3 Risk Appetite Statement 47 Originate-to-Distribute 66 3.4 Implementing Board-Level Questions 70 Risk Governance 49 The Board Audit Committee 49 Answers 71 iv Contents Chapter 5 Modern Portfolio Chapter 7 Principles for Theory and Capital Effective Data Asset Pricing Model 73 Aggregation and Risk Reporting 93 5.1 Modern Portfolio Theory 74 5.2 The Capital Asset Pricing Model 76 7.1 Introduction 94 5.3 The Capital Market Line and the 7.2 Benefits of Effective Risk Security Market Line 78 Data Aggregation and Reporting 95 5.4 Estimating Beta 79 7.3 Key Governance Principles 95 5.5 Performance Measures 80 7.4 Data Architecture and IT Sharpe Performance Index 80 Infrastructure 96 Treynor Performance Index 80 7.5 Characteristics of a Strong Jensen's Performance Index 80 Risk Data Aggregation Capability 97 Link Between the Treynor and 7.6 Characteristics of Effective Jensen's Performance Measures 81 Risk Reporting Practices 98 Sortino Ratio 81 Information Ratio 81 Conclusion 99 Questions 82 Appendix 100 Compliance Levels of 30 Banks 100 Answers 83 Questions 101 Answers 102 Chapter 6 The Arbitrage Pricing Theory and Multifactor Chapter 8 Enterprise Risk Models of Risk Management and and Return 85 Future Trends 103 6.1 The Arbitrage Pricing T heory 86 8.1 ERM: What Is It and Why 6.2 Different Types of Factor Models 86 Do Firms Need It? 104 Macroeconomic Factor Models 87 8.2 ERM-A Brief History 105 Fundamental Factor Models 87 Statistical Factor Models 89 8.3 ERM: From Vision to Action 106 6.3 Factor Analysis in Hedging 8.4 Why Might Enterprise Risk Exposure 89 Demand ERM: Four Key Reasons 107 Top to Bottom-Vertical Vision 107 Questions 90 Are T here Potentially Dangerous Answers 91 Concentrations of Risk within the Firm? 108 Contents V Thinking Beyond Silos 108 9.4 Model Risk 128 Risk Retention Decisions: Self-Insurance Wrong Assumptions-The Niederhoffer and Captive Insurance 108 Put Options 129 8.5 T he Critical Importance Long Term Capital Management and Model Risk: When "Normal" of Risk Culture 109 Relationships Breakdown 129 Discussion-Five Culture Clashes 112 Trading Models 130 8.6 Scenario Analysis: ERM's Risk Measurement Models and Stress Sharpest Blade? 113 Testing 130 Scenario Analysis Before the Global Model Risk and Governance- Financial Crisis 114 The London Whale 131 Post-Crisis Trends in Scenario Building 114 Setting the Scene 131 Stress Testing in Europe: Future The Risk Exposure Grows 131 Directions 116 Operational Risk 131 8.7 ERM and Strategic Decisions 116 Corporate Governance: Poor Risk Culture 132 8.8 Conclusion: Risk Management Model Risk: Fudging VaR Models 132 and the Future 117 9.5 Rogue Trading and Questions 120 Misleading Reporting 132 Answers 121 Barings, 1995 132 9.6 Financial Engineering 134 The Risks of Complex Derivatives 134 Chapter 9 Learning from The Case of Excess Leverage and Financial Disasters 123 Complex Financial Instruments: Orange County 134 The Case of Investing in AAA Tranches 9.1 Interest Rate Risk 124 of Subprime CDOs: Sachsen 135 The Savings and Loan Crisis 124 9.7 Reputation Risk 135 9.2 Funding Liquidity Risk 124 Volkswagen Emission Cheating Scandal 135 Liquidity Crisis at Lehman Brothers 125 9.8 Corporate Governance 135 Liquidity Crisis at Continental Illinois 125 Enron 136 Northern Rock-Liquidity and Business Aftermath 137 Models 126 Lessons Learned 126 9. 9 Cyber Risk 137 The SWIFT Case 137 9.3 Constructing and Implementing a Hedging Strategy 127 Conclusion 137 Metallgesellschaft-How a Dynamic Hedging Strategy Can Go Wrong 127 Questions 138 Hedging Considerations 128 Answers 139 vi Contents Questions 150 Chapter 10 Anatomy of the Answers 152 Great Financial Crisis of2007-2009 141 Chapter 11 GARP Code of Conduct 153 10.1 Introduction and Overview 142 10.2 How It All Started 143 I. Introductory Statement 154 10.3 The Role of Financial Intermediaries 144 II. Code of Conduct 154 1. Principles 154 10.4 Issues with the Rating 2. Professional Standards 154 Agencies 145 10.5 A Primer on the Short-Term Ill. Rules of Conduct 155 1. Professional Integrity and Ethical Wholesale Debt Market 145 Conduct 155 10.6 The Liquidity Crunch Hits 146 2. Conflict of Interest 155 10.7 Valuation Uncertainty and 3. Confidentiality 155 Transparency Issues 147 4. Fundamental Responsibilities 155 5. General Accepted Practices 155 10.8 Central Banks to the Rescue 148 IV. Applicability and Enforcement 156 10. 9 Systemic Risk in Action 149 Index 157 Contents vii PREFACE I want to thank you on behalf of GARP's Board of Trustees and The FRM program's coverage is dynamic. The advisory our professional certification program staff for your support of committee reacts to and tries to anticipate market changes, the Financial Risk Manager (FRM ®) program. global economic trends, technological advances, and regulatory It's gratifying to see that in the 26 years since the first FRM adjustments; and assesses how these will affect the necessary examination, the FRM program has become the global standard knowledge and skill sets of a risk management professional. for educating and credentialing financial risk management pro The biggest change to the program's coverage for 2024 fessionals. Its worldwide effects in furthering the understanding revolves around credit risk measurement and management. and acceptance of financial risk management have been highly About two-thirds of the subject readings in Credit Risk positive and, in many ways, transformative. Measurement and Management were updated for 2024. COVID is thankfully in the rearview mirror. We now can be much Notably in 2023, GARP expanded the FRM program's coverage more flexible in expanding-and in certain instances re-focusing of operational resilience, an issue of rapidly growing importance and updating-the FRM program to address the many new around the world. Materials deal with structural vulnerabilities challenges encountered by financial institutions globally. and areas of the financial system that may be under stress. The Our FRM program advisory committee, consisting of senior transmission of shocks to the financial system, and the assess risk professionals from around the world, that meets regularly ment, modeling, and measurement of potential points of failure are other important covered concepts. to debate and settle the FRM program's subject coverage, has found no shortage of subjects for inclusion in the FRM Also notable in 2023, GARP added two chapters on machine curriculum. learning (ML) in the FRM Part I Quantitative Analysis book. One of the advisory committee's more-material challenges is to These chapters not only introduce the ML methods risk manag understand and assess where the global financial services indus ers need to understand, but also address key issues associated try is headed, and then identify issues and subjects most impor with artificial intelligence (Al) and ML, including transparency, tant for risk management professionals. interpretability, and explainability; data considerations; and risks that arise from the use of Al/ML, including the potential for bias, The FRM advisory committee also recommends how the FRM discrimination, and unethical behavior. program covers subject matter. Its objective is to ensure that candidates who complete the FRM program successfully can be Throughout the FRM curriculum, GARP aims, wherever possible, confident that their skills have been assessed objectively, and to present lessons learned from noteworthy current events to that they possess the requisite knowledge to succeed as a risk contextualize program content and give FRM candidates critical management professional anywhere in the world. insight. viii Preface As you will see from reviewing the program's coverage and Yours truly, readings, it keeps up with a world that is becoming more interconnected and complex by the day. GARP is committed to offering a program that is dynamic, sophisticated, and responsive to the needs of financial institu tions and risk professionals around the world. We wish you the very best as you study for the FRM exams. And Richard Apostolik much success in your career as a risk-management professional. President & CEO Preface ix ® FRM COMMITTEE Chairperson Nick Strange, FCA (Chair) Senior Technical Advisor, Operational Risk & Resilience, Prudential Regulation Authority, Bank of England Members Richard Apostolik Keith Isaac, FRM President and CEO, GARP VP, Capital Markets Risk Management, TD Bank Group Richard Brandt William May MD, Operational Risk Management, Citigroup SVP, Global Head of Certifications and Educational Programs, GARP Julian Chen, FRM SVP, FRM Program Manager, GARP Attilio Meucci, PhD, CFA Founder, ARPM Chris Donohue, PhD MD, GARP Benchmarking Initiative, GARP Victor Ng, PhD Chairman, Audit and Risk Committee Donald Edgar, FRM Former MD, Head of Risk Architecture, Goldman Sachs MD, Risk & Quantitative Analysis, BlackRock Matthew Pritsker, PhD Herve Geny Senior Financial Economist and Policy Advisor/Supervision, Former Group Head of Internal Audit, London Stock Exchange Regulation, and Credit, Federal Reserve Bank of Boston Group Samantha C. Roberts, PhD, FRM, SCR Aparna Gupta Instructor and Consultant, Risk Modeling and Analytics Professor of Quantitative Finance Associate Dean, Academic Affairs Til Schuermann, PhD A.W. Lawrence Professional Excellence Fellow Partner, Oliver Wyman Co-Director and Site Director, NSF IUCRC CRAFT Evan Sekeris, PhD Lally School of Management Head of Non-Financial Risk, MUFG Rensselaer Polytechnic Institute Sverrir l:>orvaldsson, PhD, FRM John Hull Senior Quant, SEB Senior Advisor Maple Financial Professor of Derivatives and Risk Management, Joseph L. Rotman School of Management, University of Toronto x FRM® Committee ATTRIBUTIONS Contributors Frank J. Fabozzi, PhD, Professor of Finance at EDHEC Business School Michel Crouhy, PhD, Head of Research and Development, NATIXIS Corporate and Investment Bank Robert Mark, PhD, Managing Partner, Black Diamond Risk Enterprises Dan Galai, PhD, Abe Gray Professor of Finance and Business Administration at the Hebrew University Reviewers Bernadette Minton, PhD, Arthur E. Shepard Endowed Patrick Steiner, FRM, Large Institution Supervision Coordinating Professorship in Insurance and Chair, Department of Finance, Committee, Federal Reserve Bank of New York The Ohio State University Dan Pugh, FRM, Chief Legal and Risk Officer, Corporate David W. Wiley, MBA, CFA, President, WHW Investments, LLC Secretary, and Global Risk Manager, GSE Systems Luca Blasi, FRM, ACMA, Head of the Valuation and Trading Jesus Gonzalez, FRM, Vice President, Director of Market Risk Control Unit, Prudential Regulatory Authority-Bank of England Analytics, BB&T Attributions xi The Building Blocks of Risk Management Learning Objectives After completing this reading, you should be able to: Explain the concept of risk and compare risk management Describe and differentiate between the key classes with risk taking. of risks, explain how each type of risk can arise, and assess the potential impact of each type of risk on an Evaluate, compare, and apply tools and procedures organization. used to measure and manage risk, including quantitative measures, qualitative risk assessment techniques, and Explain how risk factors can interact with each other and enterprise risk management. describe challenges in aggregating risk exposures. Distinguish between expected loss and unexpected loss and provide examples of each. Interpret the relationship between risk and reward and explain how conflicts of interest can impact risk management. 1 Risk, in the most basic sense, is the possibility that bad things 1. The risk management process might happen. Humans evolved to manage risks such as wild animals and starvation. However, our risk awareness is not 2. Identifying risk: knowns and unknowns always suited to the modern world (as anyone who has taught 3. Expected loss, unexpected loss, and tail loss a child to cross the road knows). Behavioral science shows that 4. Risk factor breakdown we rely too much on instinct and personal experience, as biases skew our thought processes. Furthermore, even the way we 5. Structural change: from tail risk to systemic crisis frame risk decisions irrationally influences our willingness to 6. Human agency and conflicts of interest take risk. 7. Typology of risks and risk interactions Even so, surprisingly sophisticated examples of risk manage 8. Risk aggregation ment can be seen in early history. In ancient times, merchants 9. Balancing risk and reward and their lenders shared risk by tying loan repayments to the safe arrival of shipments using maritime loans (i.e., combining 10. Enterprise risk management (ERM) loans with a type of insurance). The insurance contract sepa rated from the loan contract as early as the fourteenth century Wi·ilin Ten risk management building blocks. in northern Italy, creating the first standalone financial risk trans fer instrument. From the seventeenth century onward, a more misunderstood connections between risks, or did not follow the methodical approach to the mathematics of risk can be traced. classic steps in the risk management process. This was followed by the development of exchange-based risk transfer in the form of agricultural futures contracts in the eigh teenth and nineteenth centuries (Figure 1.2). 1.1 TYPOLOGY OF RISKS AND RISK That methodical approach continued to evolve in the twentieth INTERACTIONS century and beyond, with major advances in financial theory in Risk is a wild animal, circling the campfire in the dead of night. the 1950s; an explosion in risk management markets from the But what kind of animal is it? 1970s onwards; and the emergence of new instruments, such as cyber risk insurance, in the early twenty-first century. Risk Figure 1.3 sets out a typology of risks in the financial industry.2 management is an old craft but a young science-and an even Given the variety of business models that firms pursue, corpo younger profession. rate risks take many forms. However, most firms face risks that can be categorized within the risk typology discussed in this How we think about risk is the biggest determinant of whether chapter. we recognize risks, assess them properly, measure them using This kind of typology has many uses. It can help organizations appropriate risk metrics, and succeed in managing them. drill down into the risk-specific factors within each risk type, This introductory chapter looks at the definitions of risk, the map risk management processes to avoid gaps, and hold staff classic risk management process, the principal types of risk, accountable for specific risk domains. and the tools used to track risk and make decisions. We isolate Indeed, Figure 1.3 relates quite closely to how risk functions are 10 risk management building blocks along the way organized at many banks and large corporations, where there (Figure 1.1). 1 are often particular functions for market risk, credit risk, etc. Most risk management disasters are caused by the failure to Many of these risk functions worked quite independently of one properly recognize and/or deal with one or more of these another until an effort to build a more unified risk management fundamental building blocks, rather than the failure of some approach began in the mid-1990s. sophisticated risk management technique. Centuries-old Each key risk type demands a specific set of skills and its own financial institutions have been bankrupted because their philosophical approach. For example, most banks treat market risk management procedures ignored a certain type of risk, and credit risks as a natural part of their business. They recognize that risk scales alongside reward and actively pursue risky assets 1 Not every risk practitioner will agree with our choice. The building blocks are not discussed in order of importance, and not every firm needs to develop a sophisticated approach to each building block, but 2 For a more detailed description of financial risks see M. Crouhy, we would argue that an awareness of each of our 10 building blocks is a D. Galai, and R. Mark, The Essentials of Risk Management, 2 nd ed. good place to start thinking about risk management. (Ch. 1, App.), McGraw Hill, 2014. 2 Financial Risk Manager Exam Part I: Foundations of Risk Management c.1750 BC-Code of Hammurabi records Babylonian maritime 1972 -CME currency futures contracts loan insurance. 1973-Chicago Board of Trade (CBOT) options on stocks; Roman era-Burial societies cover funerary expenses with Chicago Board Options Exchange (CBOE) created regular premiums. 1973-Black-Scholes option pricing formula Early medieval period-Early guilds support members who Mid 1970s-Treasury bill and bond futures suffer financial loss. 1979-1980-OTC currency options and swaps 1300s-Shipping insurance matures in Genoa. Early 1980s-Growth of early OTC markets; first interest rate 1583-First recorded life insurance policy in London swaps 1650s-Blaise Pascal and Pierre de Fermat lay foundation of 1983-lnterest rate caps and floors probability theory. 1987-Commodity swaps; average options; and other path 1666-Great Fire of London inspires early fire insurance dependent options companies. 1988-Basel Accord (Basel I) banking reform, focused on credit 1688-Lloyds (of London) coffee house first mentioned risk 1690s-early 1700s-Development of mortality tables in London 1990-Collateralized loan obligations Late 1600s-early 1700s-Jakob Bernoulli describes law of Early 1990s-Credit derivatives develop, for example, credit large numbers/statistical inference. default swaps 1730-Japanese rice futures traded in Osaka (world's first 1993-CBOE volatility index (VIX) futures). 1994-J.P. Morgan publishes value-at-risk (VaR) methodology 1730-Normal distribution and standard deviation described (RiskMetrics) by Abraham de Moivre. 1994-1995-Classic cases of derivative misuse, for example, 1762-First life insurer to calculate premiums in scientific Orange County, Barings Bank manner (forerunner of Equitable Life) 1996-Market Risk Amendment for Basel I 1764-Publication of Thomas Bayes' 1750s work (Bayesian 1998-Russia financial crisis, LTCM near collapse statistics) 1998-1999-Synthetic CDOs (collateralized debt obligations); 1846-Cologne Re: first dedicated reinsurance company CDOs of CDOs (CDO squared) 1864-Chicago Board of Trade lists first US standardized 2001-Terrorist attacks on World Trade Center (9/11); Enron futures contracts (corn). collapse, corporate scandals 1875-Francis Galton, British statistician, describes regression 2002-Sarbanes-Oxley Act (SOX) to prevent fraudulent to the mean. accounting 1900-Louis Bachelier models Brownian motion to investigate 2004-Basel II (including operational risk capital) financial assets. 2004-2006-VIX futures, options Early 1900s-Lloyds underwriters collect catastrophe risk data for pricing, for example, hurricane records. 2007-2009-Global Financial Crisis 1921-Frank Knight explores 'Risk, Uncertainty and Profit'. 2009-Contingent convertible bonds (CoCos) 1950s-1960s-Large corporations self-insure; "risk manager" 2010-Basel Ill ongoing (including liquidity risk) used for widened insurance purchaser role. 2010-Dodd-Frank Act 1952-Diversification and modern portfolio management: Harry Markowitz 2011 onwards-Fast development of cyber risk transfer market 1961-1966-Capital Asset Pricing Model: William Sharpe and John Lintner 2016-Solvency II reform in effect for insurance industry 1970s-Decade of market liberalization and price and interest 2017-Finalized Basel Ill reforms released rate volatility (i.jljl/iiJ Risk management timeline. Note: The dates in this timeline are sometimes an approximation; in particular, the development date of various OTC risk transfer instruments can be open to debate. (e.g., particular credit segments). An increase in operational risks, flexible because new risks are always emerging. A banking indus on the other hand, does not lead to greater reward, so banks try risk typology made in the early 1990s may have not consid avoid these risks when they can. Below we look at the key risk ered rogue trading risk or even the entire operational risk class. types in turn, but first a word of warning. Risk typologies must be As of 2020, "new" forms of operational risk are again climbing Chapter 1 The Building Blocks of Risk Management 3 Corporate Risks ' ' Downgrade Risk : ' : ·--------------- : Portfolio : Concentration ]7 : : : : : : : : : : : : : : : : : : '. : : : Risk ·--------------- , Bankruptcy Risk , '·-----------------·' Operational Risk AMLRisk Business, Strategic & Reputation Risks Cyber Risk Model Risk bf!(ijlJii A typology of risks for the banking industry. up the risk manager's watch list: cyber risk (particularly the risk of Each of these markets has its own risk management tools and hackers stealing and destroying data and compromising systems) methodologies, and we give examples of corporate applications and data privacy risk. 3 and strategies in Chapter 2. However, across all these markets, market risk is driven by the following. Furthermore, the risk types interact with one another so that risk flows. During a severe crisis, for example, risk can flow from credit General market risk: This is the risk that an asset class will fall risk to liquidity risk to market risk, (which was the case during the in value, leading to a fall in the value of an individual asset or global financial crisis of 2007-2009). The same can occur within an portfolio. individual firm: the "fat finger" of an unlucky trader (operational Specific market risk: This is the risk that an individual asset risk) creates a dangerous market position (market risk) and poten will fall in value more than the general asset class. tially ruins the standing of the firm (reputational risk). That is why Market risk can be managed through the relationships between a sophisticated understanding of risk types and their interactions positions. The diversification benefits of a large equity portfolio, is an essential building block of risk management. for example, form the bedrock of investment risk management. Market Risk However, market risk also arises from these relationships. For example, an equity portfolio designed to track the performance Market prices and rates continually change, driving the value of of an equity market benchmark might fail to track it perfectly-a securities and other assets up and down. These movements create special form of market risk. Likewise, a position intended to balance the potential for loss, as price volatility is the engine of market risk. out, or hedge, another position or market price behavior might do Market risk takes many forms depending on the underlying asset. so imperfectly-a form of market risk known as basis risk. From a financial institution's perspective, the key forms are equity For risk managers, this mismatching of price movements is often risk, interest rate risk, currency risk, and commodity price risk. a bigger problem than any single market risk exposure. For example, a commodity risk manager might decide to use crude 3 New risks tend to be born out of a fundamental change in market and oil futures to hedge the price of jet fuel based on the historical industry practice. Bank rogue trading risk rose out of the growth of the derivatives industry and a rise in proprietary trading; bank liquidity risk relationship between crude oil price movements and jet fuel price during the global financial crisis arose out of insidious changes in bank movements. However, the hedge may fail due to an adverse funding strategies and leverage; legal risk in the period since the crisis change in the historical relationship between the price movement has been exacerbated by a new wave of class action lawsuits and claims for compensation (not to forget some poor bank behavior); and cyber of these two commodities that renders the hedge ineffective, or risk is a product of the digital revolution. worse, results in a greater loss than if no hedge was placed. 4 Financial Risk Manager Exam Part I: Foundations of Risk Management Credit Risk The exposure amount, probability of default, and loss given default amounts are positively correlated (e.g., when defaults Credit risk arises from the failure of one party to fulfill its financial rise, recovery amounts fall).5 obligations to another party. Some examples of credit risk include Risk managers use sophisticated credit portfolio models to A debtor fails to pay interest or principal on a loan (bank uncover risk arising from these combinations of risk factors. ruptcy risk or default risk); An obliger or counterparty is downgraded (downgrade risk), indicating an increase in risk that may lead to an immediate Liquidity Risk loss in value of a credit-linked security; and Liquidity risk is used to describe two quite separate kinds of risk: A counterparty to a market trade fails to perform (counter- funding liquidity risk and market liquidity risk. party risk), including settlement or Herstatt risk.4 Funding liquidity risk is the risk that covers the risk that a firm Credit risk is driven by the probability of default of the obliger cannot access enough liquid cash and assets to meet its obli or counterparty, the exposure amount at the time of default, gations. Funding liquidity risk threatens all kinds of firms. For and the amount that can be recovered in the event of a default. example, many small and fast-growing firms find it difficult to These levers can all be altered by a firm's approach to risk man pay their bills quickly enough while still having sufficient funds to agement through factors such as the quality of its borrowers, invest for the future. the structure of the credit instrument, and controls on exposure. Banks have a special form of funding liquidity risk because their The structure of the credit instrument involves whether the business involves creating maturity and funding mismatches. credit instrument is collateralized or not, the type of collateral One example of a mismatch is that banks aim to take in short if it is collateralized, the priority of the creditor in the case of term deposits and lend the money out for the longer term at a bankruptcy, and inclusion of protective covenants in the loan higher rate of interest. Sound asset/liability management (ALM), agreement that impose restrictions on the borrower so as to therefore, lies at the heartening of the banking business to help protect the lender. reduce the risk. There are various techniques involved in ALM, The exposure amount is clear with most loans but can be volatile including gap and duration analyses.6 with other kinds of transactions. For example, a derivative trans Of course, banks sometimes get it wrong, with disastrous con action may have zero credit risk at the outset because it has no sequences. Many of the banks that failed during the2007-2009 immediate value in the market. However, it can quickly become global financial crisis had built up large maturity mismatches and a major counterparty credit exposure as markets change and the were vulnerable to the wholesale funding market's perception of position of one counterparty gains at the expense of the other their creditworthiness. counterparty. Market liquidity risk, sometimes known as trading liquidity risk, Traditionally, the probability of default of an obliger is assessed is the risk of a loss in asset value when markets temporarily through identifying and evaluating a selection of key risk factors. seize up. If market participants cannot, or will not, take part For example, corporate credit risk analysis looks at key financial in the market, this may force a seller to accept an abnormally ratios, industry sectors, etc. Meanwhile, the risk in whole port low price, or take away the seller's ability to turn an asset into folios of credit risk exposures is driven by obliger concentration cash and funding at any price. Market liquidity risk can trans (i.e., the exposure to each obliger relative to the portfolio's late into funding liquidity risk overnight in the case of banking value) as well as the relationship between risk factors. The port institutions too dependent on raising funds in fragile wholesale folio will be a lot riskier if: markets. It has a small number of large loans rather than many smaller It can be very difficult to measure market liquidity risk. Measures loans; of market liquidity in a normal market, for example, might look at The returns or default probabilities of the loans are positively the number or volume of transactions and at the spread between correlated (e.g., borrowers are in the same industry or region); the bid-ask price. However, these are not necessarily good indi cators that a market will remain liquid during a time of crisis. 4 Named after the failure of Herstatt bank in Germany. The bank, a participant in the foreign exchange markets, was closed by regulators in 1974. The timing 5 These concepts will be explored later in this book. of the closure caused a settlement failure because Herstatt's counterparties 6 had already paid their leg of foreign currency transactions (in Deutsche Marks) See M. Crouhy, D. Galai, and R. Mark, The Essentials of Risk only to find the defunct Herstatt unable to pay its leg (in US dollars). Management, 2nd ed. (Ch. 8), McGraw Hill, 2014. Chapter 1 The Building Blocks of Risk Management 5 BOX 1.1 BANK OPERATIONAL RISK: MEASURE OR MANAGE? No one doubts the importance of operational risk, but its understand their operational risk using a variety of tools, but measurement remains challenging. The banking industry capital allocation would be based on a simpler standardized embarked on the project in the late 1990s, mainly because it approach using weighted bank size with a multiplier based seemed logical to set capital aside for operational risk along on a bank's record of larger operational risk losses. side that set aside for credit and market risks. The industry However, this will not dampen bank efforts to manage opera built extensive loss databases along with a set of risk measure tional risk. Operational risk includes the massive legal threats ment tools including statistical analysis, scorecard systems, and claims for compensation that have plagued banks since the sets of key risk indicators, and scenario analysis approaches. 2007-2009 global financial crisis. It includes the growing threat However, many banking regulators remained skeptical about of cyber risk and the threat of penalties and lawsuits over data whether these tools could support accurate risk capital allo privacy infringements. In all its guises, operational risk remains cation. The Basel Committee signaled a change of direction one of the biggest threats to banks and other large corpora in2016.7 It would continue to encourage banks to tions, even if it is impossible to properly measure its true cost. Operational Risk often accompanied by major investments of capital, human resources, and management reputation. Operational risk can be defined as the "risk of loss resulting Business and strategic risks consume much of the attention of from inadequate or failed internal processes, people, and sys management in non-financial firms, and they are clearly also tems or from external events. "8 It includes legal risk, but a key concern in financial firms. However, it is not obvious excludes business, strategic, and reputational risk. how they relate to the other risks that we discuss or fit within That is a deliberately broad definition, and it includes everything each firm's risk management framework. For example, today from anti-money laundering risk and cyber risk to risks of terror banks and other financial institutions are facing competition ist attacks and rogue trading. The outbreaks of rogue trading from so-called financial technology [FinTech] companies. Bank in the 1990s helped persuade regulators to include operational management must decide whether to develop those same risk in bank capital calculations. services internally, acquire those companies, or partner with Looking beyond the banking industry, we might include many FinTech companies. corporate disasters under the operational risk umbrella. These A sudden fall in customer demand, the failure to launch the right include physical operational mishaps and corporate governance kind of new product, or a misplaced major capital investment can scandals, such as the crisis at energy giant Enron in 2001. The threaten a firm's survival. Responsibility for these risks lies with the management of operational risk is the primary day-to-day firm's general management. So what is the role of the risk manager? concern for many risk managers outside the financial industry, The answer lies in three observations. often through insurance strategies. 1. First, the firm's management needs to define its appetite The definition and measurement of operational risk continues to be for risk in a holistic manner that embraces the risk of sig problematic, however, especially in the financial industry (Box 1.1). nificant business and strategic decisions. Firms can be very conservative with respect to credit risk, yet very entrepre Business and Strategic Risk neurial with respect to business risk. However, the logic for Business risks lie at the heart of any business and includes all the that divergence needs to be articulated by management. usual worries of firms, such as customer demand, pricing deci 2. Second, the chief risk officer and supporting team may have sions, supplier negotiations, competition, and managing prod specific skills they can bring to bear in terms of quantifying uct innovation. aspects of business and strategic risk. Credit experts, for exam Strategic risk is distinct from business risk. Strategic risk involves ple, often become involved in managing supply chain risk. making large, long-term decisions about the firm's direction, As we discuss in a later chapter, new techniques such as macroeconomic scenario analysis can be adopted to 7 Basel Committee, Standardised Measurement Approach for Opera improve business and strategic decisions. tional Risk, March 2016: https://www.bis.org/bcbs/publ/d355.pdf. The 3. Third, business decisions generate large exposures in other risk move built on earlier proposals in 2014. 8 Basel Committee on Banking Supervision, Principles for the Sound management areas, such as credit risk and commodity price risk. Management of Operational Risk, June 2011, https://www.bis.org/publ/ As a result, financial risk managers must be involved at the start bcbs195.pdf, page 3, footnote 5. of business planning. For example, it may be impossible to fund 6 Financial Risk Manager Exam Part I: Foundations of Risk Management the construction of a power station without having some form of energy price risk management strategy in place. Meanwhile in the financial industry, expanding a credit business will increase credit exposures and may necessitate the deliberate lowering of credit standards. Banks that fail to coordinate business, stra tegic, and risk management goals do not survive for long. Reputation Risk Reputation risk is the danger that a firm will suffer a sudden fall in its market standing or brand with economic consequences (e.g., through losing customers or counterparties). Reputation risk usually comes about through a failure in another area of risk management that damages confidence in the firm's financial soundness or its reputation for fair dealing. For example, a large failure in credit risk management can lead to rumors about a bank's financial soundness. Rumors can be fatal in themselves. Investors and 1.2 THE RISK MANAGEMENT depositors may begin to withdraw support in the expectation that PROCESS others will also withdraw support. Banks need to have plans in place for how they can reassure markets and shore up their reputations. We take risks in pursuit of reward, whether that reward is food, A reputation for fair dealing is also critical. Large firms are shelter, or digital currencies. But the key questions are twofold: expected to behave in certain ways. If a firm misrepresents a (1) is the risk commensurate with the reward, and (2) could we product's risks, it can lose important customers. lower the risk and still get the reward? Our attempt to address these questions gives rise to our first building block: the classic Reputation with regulators is particularly important to financial risk management process (Figure 1.4). institutions. Regulators wield considerable informal as well as formal power. A bank that loses the trust of a regulator During this process, the risk manager attempts to: identify the may become the subject of extensive examinations and/or its risk (e.g., Box 1.2), analyze and measure the risk, assess the activities may be criticized or curtailed. effects of any risk event, and finally manage the risk. BOX 1.2 BRAINSTORMING AND TRIAGING RISKS The first steps toward risk identification and triage take some Loss data analysis: Brainstorming often identifies many classic forms. potential risks. The analyst will next want to look at how the wider industry categorizes each risk and at any inter Brainstorming: This could include discussions with repre nal and external loss records available, to gauge the fre sentatives from different business divisions to discuss the quency and severity of loss events and how they relate to risk exposures they face and scenarios that could negatively specific risk factors. impact their divisions. The most obvious approach is to put the key professionals (e.g., business leaders, audit profession Basic risk triage: Not every risk is quantifiable in an exact als, etc.) in a room and talk to them. What is your personal way, but risk managers should be able to determine a professional nightmare? What else could go wrong, why given risk's frequency and severity. would it go wrong, and how badly could it go wrong? What Hypothetical what-if analysis: Initial research may suggest are the root causes and what are the consequences (e.g., in worst-case scenarios that the brainstorming team can be terms of triggering further risks)? Who is accountable? asked to consider. Structured interviews, questionnaires, and surveys: These are an attempt to push that initial inquiry out to a wider Front line observation: There is no substitute for going to group of professionals within the company or throughout the business line or function and looking at how things are the industry. They should include open-ended questions. done. Have front-line staff been included in the risk infor mation gathering process? Industry resources: Unless the activity is unique, there will be industry resources available in the form of checklists, Following the trail: How are key processes conducted professional and regulatory standards, industry surveys, and what are the risks associated with them? Can we see and expert opinions. These resources should be used to weaknesses or gaps in the process? Can we track our enrich the brainstorming process. worst nightmares backwards through the process? Chapter 1 The Building Blocks of Risk Management 7 Identifying the risk can be just as important as its size in deter mining the appropriate risk management strategy. Across the corporate world, some risks are regarded as natural to a business and others as quite foreign. Manufacturers, for example, often accept and manage the operational risks of complex factory processes but try to avoid or transfer large market or credit risks. Investors often react badly to mishaps concerning risk types they believe are unnatural to a firm (e.g., a loss from a speculative derivatives position held by a non-financial corporation). The risk management process culminates in a series of choices that both manage risk and help to define the identity and pur pose of the firm. Avoid Risk: There are risks that can be sidestepped by discon tinuing the business or pursuing it using a different strategy. For lif.jlj#:jifj Risk managers face the unknown and example, selling into certain markets, or off-shoring production, unexpected. might be avoided to minimize political or foreign exchange risks. Retain Risk: There are risks that can be retained within the firm's risk appetite. Large risks can be retained through 1.3 IDENTIFYING RISK: KNOWNS mechanisms such as risk capital allocation, self-insurance, and captive insurance. AND UNKNOWNS Mitigate Risk: There are risks that can be mitigated by reducing One of the easiest mistakes to make is to focus on risks that are exposure, frequency, and severity (e.g., improved operational known and measurable while ignoring those that are unknown infrastructure can mitigate the frequency of some kinds of or sets out. operational risk, hedging unwanted foreign currency exposure can mitigate market risk, and receiving collateral against a Figure 1.5, our second building block, sets out a fundamental classi fication of known versus unknown risk that considers a classic paper credit exposure can mitigate the severity of a potential default). on risk by economist Frank Knight,9 and the much-quoted words of Transfer Risk: There are risks that can be transferred to a third Donald Rumsfeld, former United States Secretary of Defense: party using derivative products, structured products, or by paying a premium (e.g., to an insurer or derivatives provider). "There are things we know that we know. There are known unknowns... But there are also unknown unknowns."10 As the risk taker improves its risk management strategy, it will begin to avoid or mitigate non-essential or value-destroying Rumsfeld said this when trying to encapsulate the danger of risk exposures, which in turn will allow it to assume more risk terrorists using weapons of mass destruction. His point was that in areas where it can pursue more value-creating opportunities humans tend to focus on the risks for which they have data and for its stakeholders. Investment in risk management thus allows ignore potentially larger risks that are unknown or poorly under farmers to grow more food, metals producers to produce more stood. Yet those risks exist and must be managed. metal, and banks to lend more money. Risk management allows Some of the distinctions in Figure 1.5 are much older than firms to excel. Rumsfeld's quote. In his famous 1921 paper, Knight distin In modern economies, risk management is therefore not only guished between variability that cannot be quantified at all, about corporate survival. It is critically important to the broader which he called uncertainty, and "true" risk that can be quanti processes of specialization, scaling, efficiency, and wealth fied in terms of statistical science. (Box 1.3) creation. This explains why risk never really goes away. Risk management 9 F. Knight, Risk, Uncertainty, and Profit (New York: Houghton Mifflin, success is a platform for greater endeavors. The risk manager is 1921). constantly identifying, evaluating, and managing risks to achieve 10 Donald Rumsfeld, US Secretary of Defence, press conference, NATO the right balance between creating value and exposing the firm HO, Brussels, 6 June 2002, responding to a question regarding terrorism to undue risk. However, identifying and analyzing risk in a fast and weapons of mass destruction and the possible inadequacy of intelli changing world remains a major challenge. gence information: https://www.nato.int/docu/speech/2002/s020606g.htm 8 Financial Risk Manager Exam Part I: Foundations of Risk Management BOX 1.3 RISK VERSUS UNCERTAINTY Economists have argued about the distinction between risk outcomes. Today we refer to this as Knightian uncertainty. and uncertainty since the early 1920s. The distinction was As similar distinction between risk and uncertainty was made first made in 1921 by two economists, Frank Knight" and by Keynes in 1921. He argued that there is risk that can be John Maynard Keynes.b Knight explained the distinction calculated and another sort of risk he labeled "irreducible between risk and uncertainty as follows which he referred uncertainty." He understood that for some decisions, the to as "measurable risk" or "risk proper." Risk, according to risks cannot be calculated because attempting to do so Knight, applies to decision making when the outcome of would necessitate the reliance on assumptions about the the decision is unknown, but the decision maker can fairly future that have no basis in probability theory. accurately quantify the probability associated with each out Frank Knight, Risk, Uncertainty, and Profit (New York: Houghton come that may arise from that decision. Knight viewed uncer Mifflin, 1921). tainty, which he referred to as "unmeasurable uncertainty" 6John Maynard Keynes, Treatise on Probability (New York: Macmillan, or "true uncertainty," as applicable to decisions when the 1921) decision maker cannot know all the information needed in order to obtain all the probabilities associated with the BOX 1.4 METEORS AND MOONWALKING, ICEBERGS AND ELEPHANTS When is a risk truly unknown? Perhaps when it arrives out The underwater icebergs are more difficult to spot and of the blue like a meteor. But many risks are more unseen include the growth in leverage in some financial firms in the than unknown. In a 2018 speech, the Bank of England's Alex run up to the 2007-2009 global financial crisis. After the risk Brazier separated these risks into "moonwalking bears" and event, these risks also seem obvious because they are usually "underwater icebergs." concerned with some fundamental weakness. Moonwalking bears are named after a viral video that shows To this ensemble, we might add the age-old elephant in the room. This is the risk that is easy to see, that everyone has how people avidly watching a basketball game failed to see a bear impersonator on the screen. This kind of risk can indeed spotted, but that it would be impolite to publicly acknowledge. be seen during periods of compressed yields in the debt market: the evidence that risk is being bought too cheaply Source: Alex Brazier, Executive Director for Financial Stability is plain to see on every financial screen, but investors keep Strategy and Risk, Bank of England, "Moonwalking Bears and on buying. Underwater Icebergs," 26 April 2018. Incalculable Knightian uncertainties can be very large and impor "known known": one in two long-term smokers die from the tant. Nuclear war is a major threat to the world, but its chances habit.11 of happening are impossible to estimate. Do the distinctions between the risk classes in Figure 1.5 mat Even so, Knightian uncertainties can be managed through avoid ter to financial risk managers? Yes. Risk managers take respon ance and other forms of risk management. Multilateral nuclear sibility for all sorts of risk, not just those that can be measured. disarmament, whether wise or not, would remove the risk of They must continuously search for Rumsfeld's "unknown nuclear war. For difficult actions to be taken, however, there has unknowns," including risks that are hiding in plain sight to be agreement that the Knightian uncertainty is plausible and (Box 1.4). They cannot simply ignore Knightian uncertainties. extremely threatening in terms of its severity (if unquantifiable in In fact, they sometimes need to make sure their firms avoid or terms of frequency). transfer them. The boundary between Knightian uncertainty and measurable, statistical risk can be fluid Before 1950, the size of the health threat from smoking was uncertain and cigarette producers reg 11 This may be a conservative estimate, with the most recent research ularly advertised their brand as the one that doctors chose to suggesting that smoking eventually kills around two in three smokers. smoke. By the mid-1970s, dedicated researchers had turned See M. Roberts, "Tobacco Kills Two in Three Smokers,"' BBC News this uncertainty into a quantified statistical health risk or online, 24 February 2015: http://www.bbc.eo.uk/news/health-31600118 Chapter 1 The Building Blocks of Risk Management 9 Where they can, risk managers move poorly understood risks Expect the Unexpected from the periphery of Figure 1.5 to a position nearer to the cen ter. As cigarettes have demonstrated, Knightian uncertainties That said, well-behaved portfolios inevitably offer surprises. EL can be more severe and prevalent than we initially suspect. is created from good and bad days. On a bad day, losses can range above the expected level (e.g., the result of an announce However, risk managers must never treat risks that cannot be ment of fraud in a credit card business or simply an unlucky measured as if they are a known quantity. Uncertainty and ambi sequence of losses). The extent to which losses depart from the guity must be acknowledged because they exist in much greater average is called the unexpected loss level. amounts for some risky activities than for others. Our confidence in a risk measure shapes how the result should be applied in In a credit portfolio, the potential for unexpected loss might be decision-making. 12 driven by something quite simple, such as the number and size of the loans. When a portfolio is composed of a large proportion of small loans, there is little chance of one very important loan 1.4 QUANTITATIVE RISK METRICS defaulting. In addition, if the portfolio is well diversified, there is little chance of multiple losses occurring together to generate Figure 1.5 makes an important distinction between expected unexpected loss levels. and unexpected loss. This distinction is our third building block. Also, consider that the amount of EL (and unexpected loss) in Expected loss (EL) is the average loss a position taker might a credit portfolio is changing continuously. These fluctuations expect to incur from a position or portfolio. In theory, some are driven by factors such as changes in the macroeconomic portfolios realize losses that rarely depart far from this average. environment and size and constitution of the portfolio (e.g., its The losses from this kind of portfolio may be amenable to sta credit quality or correlations). Estimating expected losses for tistical measurement over a relatively short period of time with even a well-behaved portfolio involves a fair amount of art as a fair degree of confidence. They might vary, for example, from well as science-and some big assumptions. year to year, but not by too much. The EL of a portfolio can be calculated by identifying and esti From Unexpected to Extreme mating values for the key underlying risk factors. In general, EL is a function of (1) the probability of the risk event occurring; Some credit portfolios, however, exhibit a much more extreme (2) the firm's exposure to the risk event; and (3) the severity of variance in their losses over intervals of time (e.g., a decade). the loss if the risk event occurs. In the case of the credit risk of Here, the expected losses over time are constructed from both a loan, these become the borrower's probability of default (PD); long runs of good years (when losses are much lower than aver the bank's exposure at default (EAD); and the severity of loss age) and short runs of bad years (when losses are much higher given default (LGD). Thus, EL is simply: than average). In the bad years, losses reach unexpected and even extreme levels. EL = EAD x LGD x PD These portfolios can be very deceptive from a risk management Where EL can be calculated with confidence, it can be treated point of view. It is easy to be lulled into a complacent view of risk like a variable cost or predictable expense rather than a risk or exposure and then experience a sudden shock. For this kind of uncertainty. The bank can make a profit simply by adding a risky position or portfolio, banks need to allocate large amounts price margin that covers the cost of the EL. 13 Here, the risk of risk capital to protect against large unexpected losses that manager's role is primarily to measure the amount of EL and can trigger insolvency and default. This allocation of risk capital to make sure the portfolio does not lose its predictable is done in addition to pricing EL into the product directly. quality. Risky Relationships 12 For further discussion of the role of uncertainty in economics, see A classic example of this loss level variability can be seen in the A. Lo and M. Mueller, "Warning: Physics Envy May Be Hazardous to Your Wealth!" March 19, 2010: http://papers.ssrn.com/sol3/papers. regular cycles of boom and bust in commercial real estate (CRE) cfm?abstract_id= 1563882 markets around the world. 14 13 Theoretically, therefore, banks should not need to set aside provisions for expected losses where these are accurately priced into a product, though they will need to allocate risk capital for unexpected loss levels. 14 This classic cycle is well documented in the literature, for example, For a discussion about why banks should, in the real world, provision for European Systemic Risk Board, Report on Commercial Rea/ Estate and expected losses as well see B. Cohen and G. Edwards, "The New Era of Financial Stability in the EU, December 2015, available at: https://www Expected Credit Loss Provisioning," BIS Quarterly Review, March 2017:.esrb.europa.eu/pub/pdf/other/2015-12-28_ESRB_report_on_commer https://www.bis.org/publ/qtrpdf/r_qt1703f.htm cial_real_estate_and_financial_sta bility.pdf 10 Financial Risk Manager Exam Part I: Foundations of Risk Management First, demand for commercial property strengthens, often in line conditions, there is a 1% probability that the fund will have a with general economic upswings. But CRE supply is inelastic15: it loss that is greater than 3%. takes time to construct a property. Prices rise, attracting inves VaR uses the loss distribution associated with a position or portfolio tors, banks, and other lenders, who may begin to relax loan-to to estimate losses at a given level of likelihood (or confidence). How value ratios and other safeguards to gain market share. ever, an important point is that for any given loss distribution, the Eventually, prices begin to weaken through a combination of VaR number would tend to fall if we eased the confidence level cyclical oversupply of property and deteriorating economic to 95%. The number would also rise or fall if the shape of the loss conditions. Banks begin to withdraw credit from investors and distribution changed. For example, a loss distribution with a much developers in the market, exacerbating the fall. Overextended fatter tail incurs more unexpected loss and a larger VaR number. property developers experience cash flow problems. Property loses value as collateral. The financial condition of CRE lenders Expected Shortfall deteriorates and lending dries up. One fire sale later-and the market has entered a devastating cycle of feedback. While VaR is a useful measure, it fails to quantify how much risk there is in the tails. A measure that overcomes that drawback The result for lenders is that the probability of default by prop is expected shortfall (ES), also referred to as conditional value erty developers rises at the same time collateral values fall-a at-risk (CVaR). For a given tail probability, ES is defined as the bad combination referred to as wrong way risk. The global CRE average of the VaR numbers that exceed the VaR at that tail markets are one of the clearest examples of how risk factors act probability. That is, ES focuses on the losses in the tail that are together to produce waves of extreme loss. larger than the corresponding VaR level. There are many other examples in the financial markets of risk factors that can act together to generate risk. For example, in derivative markets, the value of a contract with a counterparty 1.5 RISK FACTOR BREAKDOWN AND may tend to rise simultaneously with the default risk of the coun INTERACTIONS BETWEEN FACTORS terparty (another example of wrong way risk). The example of the CRE cycle demonstrates how important it is for Value-at-Risk risk analysts to break risk down into discrete risk factors-in this case, PD, LGD, and EAD-and understand how these risk factors In January 1990, Dennis Weatherstone, newly appointed CEO of might interact over time and under stress to generate losses.18 J.P. Morgan, called for a report on the total risk of his bank to be In turn, each primary risk factor is driven by a more fundamental delivered to his desk every day at 4:15 p.m. The request helped set of risk factors. For example, the probability of default by a to drive the development of a new global risk metric: Value-at firm may be driven by its strength or weakness in terms of key Risk (VaR). 16 financial indicators, industry sector, management quality, etc. Jorion defines the VaR measure as the "worst expected loss Breaking risk down into its key risk factors and understanding over a given horizon under normal market conditions at a given their importance as loss drivers-and their relationships with level of confidence." 17 For example, suppose that a bank's trad each other and the wider business environment-is a key activity ing portfolio has a weekly VaR at the 95% confidence level of for risk managers and is our fourth building block. $10 million. This means that under normal market conditions, there is a 5% probability that the bank's trading portfolio will A key question concerns how granular each risk factor analysis lose more than $10 million over the next week. As another should be. Ideally, risk managers would like to understand every example, suppose that a fund's monthly VaR at the 99% confi significant risk factor and analyze each factor's importance and dence level is a loss of 3%. This means that under normal market dynamics through the data available. To score the risk factor, the risk manager may want to look at its sub-factors. For example, what is it that drives the credit 15 An inelastic supply refers to a market situation wherein a change in risk variable of management quality: management's years of the price of a product (in this case CRE) does not result in a correspond ing change in supply of that product. 16 Other firms such as Bankers Trust, a US merchant bank, had been 18 Understanding the dynamics of a loss record greatly increases its working to build global risk reports in the period, and many of the predictive power. To prepare for a key banking reform, Basel II, some concepts underlying VaR appeared prior to the 1990s. J.P. Morgan pub years ago, banks had to spend millions of dollars re-engineering their lished the methodology behind its VaR model in 1993/4. credit rating systems when the regulators asked them to improve their 17 P. Jorion, Value at Risk: The New Benchmark for Managing Financial risk modeling by recording probability of default, loss given default, and Risk. New York, NY: McGraw-Hill, 2001 credit exposure as separate risk factors. Chapter 1 The Building Blocks of Risk Management 11 BOX 1.5 WILL DATA SCIENCE REVOLUTIONIZE RISK ANALYSIS? Data science includes big data, artificial intelligence, and individual level-the "segment of one," as the industry machine learning. Data science is helping risk managers calls it. approach the identification of risk variables in a new way. Across the risk industries, massive computing power can now This should allow risk managers to isolate innumerable risk help risk managers spot patterns and relationships in data factors and understand their relationships at a greater level more quickly. Unsupervised machine learning can help the of complexity. risk manager identify the "unknown unknowns" through iden In the insurance world, for example, analysts are bring tifying clusters and correlations without specifying the area of ing together public databases, social data, crediting rat interest in advance. Risk managers are about to enter an age ing data, and unstructured data to understand risk at the of plenty in terms of data volume and risk factor analysis. experience? Or what drives a firm's vulnerability to cyber risk: When the structure underlying a system changes, risk increases. systems, processes, or people? Large loss events may suddenly increase in frequency or size. Risk factors might suddenly move in lockstep. Entirely new Finding the answers to such questions is important, but practi sources of loss, in terms of risk type, may appear. In this case, calities often impose their own limits. Analytical resources may more historical data will not help and "once-in-100-year" events not be available. The loss data that can be used to isolate and might pop up once a decade until the structural problem is statistically examine the power of each risk variable may be lim fixed, or proper risk management processes are adopted. ited in quantity, quality, or descriptive detail. A change in events does not only affect tail risk-the amounts That being said, new streams of data offering an undreamt level of EL and unexpected loss might change as well. Risk manag of granularity, analyzed by means of machine learning and mas ers are continuously trying to assess the risk in systems that are sive cloud-based computational power, may prove revolutionary changing in ways that might, or might not, matter. in the identification of discrete risk factors (Box 1.5). While this is a problem for all risk managers, there is a spe cial twist for those working in the financial markets. Unlike 1.6 STRUCTUR AL CH ANGE: FROM most mechanical and natural systems, human systems (such TAIL RISK TO SYSTEMIC CRISIS as financial markets) are subject to constant structural change from levers such as social behavior, industry trends, regulatory Some risk events have a diabolical side that seems designed to reforms, and product innovations. outwit the human mind. This may be because such events are An important recent example was the growth in subprime very rare and extreme or they arise from unobserved structural mortgage lending by US banks and other financial institutions changes in a market. starting in the early 2000s and its role in the creation of the In complex systems, such as the global climate or financial 2007-2009 global financial crisis. Unusual types of mortgages, markets, extremely rare events can happen over long time such as interest-only mortgages and below market initial loan periods, even if the system remains structurally stable. These rates, rose quickly from comprising a small fraction of total loans risks, really an extreme version of unexpected loss, are difficult originated to a substantial share of all new mortgages. At the to identify in the data because (by definition) there are not a same time, the proportion of loans that were subprime (i.e., lot of them. mortgages to borrowers with blemished credit histories) also increased. Structural change-looking out for it and modeling Tail risk events (or outliers) might be rare, but a long enough its future effects-is our fifth building block of risk management. time series of data should reveal evidence of their existence. Where data are scarce, modern risk management can some times apply statistical tail risk techniques, utilizing a branch of 1.7 HUMAN AGENCY AND statistics called Extreme Value Theory (EVT) to help make tails CONFLICTS OF INTEREST more visible and to extract the most useful information.19 Structural change is not the only wild card in financial systems. 19 For accessible reviews of the literature, see A. Pazarbasi, "Tail Risk Unlike natural systems, human systems are run by intelligent Literature Review," Alternative Investment Analyst Review; D. Levine, "Modelling Tail Behavior with Extreme Value T heory," Risk Manage participants that can react to change in a self-reflective or even ment, September 2009, Issue 17. a calculating manner. 12 Financial Risk Manag

FRM Exam Part I PDF 2024

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue