Risk Management MACT6013 Autumn 2024 PDF
Document Details
Uploaded by GuiltlessFoxglove9386
null
2024
null
null
Tags
Related
- NNPC Limited ERM Processes and Procedures PDF
- Risk Management PDF
- Stress Testing and Scenario Analysis PDF 2013 - International Actuarial Association
- Risk Management PDF - Chapter 22 - 02
- Chapter 1 Lecture Notes (STAT4903 Actuarial Techniques for General Insurance - Fall 2024) PDF
- Actuarial Practice 3 PDF
Summary
This document provides an overview of risk management, covering different types of risk. It discusses market risk, interest rate risk, inflation risk, currency risk, credit risk, and liquidity risk, focusing on their effects on businesses and financial institutions.
Full Transcript
MACT6013 Risk management Autumn 2024 I will cover a broad range of risks These may be present in many areas of actuarial work and the wider business community… such as insurers, banks, car manufacturers etc Types of risk NOTE No universal classification of risks Di...
MACT6013 Risk management Autumn 2024 I will cover a broad range of risks These may be present in many areas of actuarial work and the wider business community… such as insurers, banks, car manufacturers etc Types of risk NOTE No universal classification of risks Different texts will have slightly different interpretations and groupings Eg interest rate, currency, basis risk often included as types of market risk Eg Credit risk subset of counterparty risk 1.Market risk Risk arising from changes in &investment market values Example: pension scheme which holds equities 50% fall in equities prior to scheme valuation What’s the effect? Large increase in deficit Employer required to increase contributions to the Scheme to remove deficit Fall in company share price Companies with DB scheme - share price hit twice 2.Interest rate risk Risk arising from changes in interest rates which may affect liability values Changes in overall interest rates Changes in the shape of the yield curve Risk can be reduced by investing in matching assets Example: pension scheme which invests solely in cash Pension schemes generally value liabilities using long term interest rates Fall in long term interest rates prior to scheme valuation Significant increase in liabilities, and therefore deficit Employer required to increase contributions to the Scheme Fall in company share price? In the year to 31/3/2012 pension scheme buy-out deficits increased from £470bn to £670bn 3.Inflation risk Risk arising from changes in various forms of inflation, such as price inflation and salary inflation Higher price inflation may directly lead to higher claims inflation, pension increases… Eg higher than expected future inflation may result in increased levels of reserves held by insurance companies Some texts include this under economic risk 4.Currency risk The risk arising from exposure to changes in foreign - exchange rates - Profits in home currency affected Cost of exports/imports affected Example Overseas investors in UK assets suffered losses following Brexit when £ depreciated £ depreciation bad for UK importers Currency risk Profits in home country Example: Scottish Airways sells lots of “profitable” fares in $ Must convert those back into £ If $ weakens then profits in £ will be reduced Currency risk Let’s say £1 = $2 at start of year Price of New York to London ticket £1,000 So sold in New York for $2,000 Now £1 = $2.50 = & Converted back to £’s 1 month later 2500 Airline gets £800 - £200 “currency loss” Comment on classification Some commentators will group interest rate, inflation and currency risks as types of market risks 5.Credit risk Risk that a counterparty will default on an agreed payment. This may arise from: Counterparty failure Company issues corporate bonds then goes bust – investors may lose entire investment Later payment Cashflow problems with counterparty result in failure to pay coupons on time Why could this present a problem to the investor? Or you provide actuarial advice to a client and they don’t pay you Credit risk (aside) A recurring theme of these lectures is that the aim of RM is not necessarily to remove risks once they have been identified Banks constantly review risk/reward from credit risk They expect to make a profit from being exposed to credit risk They are “experts” in seeking opportunities from exposure to credit risk 6.Liquidity risk Companies will receive income eg from selling products Companies will make payments eg salaries, buy computers Sometimes outgo will exceed income Shortage of cash is usually met by (1)holding capital in order to help raise finance, or (2) from liquid assets. If cash cannot be raised this can result in inability to make payments This is known as liquidity risk Market liquidity risk Risk of not being able to make payments as they become due because there are insufficient assets in cash form. Where this is caused by the inability to raise finance it is known as Funding liquidity risk May result in selling assets at reduced prices Liquidity risk Example Student has total liquid assets of £100 plus a £10,000 car Will get paid next month Must pay rent this week (£1,000) So has to sell his car at a reduced price of £8,000 What other alternatives does he have? Liquidity risk Example of Funding liquidity risk Northern Rock – had planned to sell-on its mortgages to other institutions (“securitisation”) and use the proceeds to repay loans from other institutions. But due to the financial crisis there were no willing buyers. It was then unable to repay the loans and had to approach the BoE for funding. NR was not bust – it just had no cash Liquidity risk Lack of liquidity may be rewarded by higher potential returns Compare an instant access bank account with an account with no permitted access for 5 years Balance between holding sufficient liquidity and expected returns Shareholders will not want unnecessarily high levels of liquidity 7.Insurance risk Insurance risk arises from fluctuations in the timing, frequency and severity of insured events, relative to the expectations of the firm at the time of underwriting or pricing. Fukushima earthquake, nuclear plant Eg group of term assurance policies result in a loss due to underestimating mortality rates Can be extended to higher than expected expenses “Claims being higher than expected” Undersetimated the risk and charged too little, policyholder behaviour changing eg fraud, moral hazard; just volatility, catastrophes; poor policy wording; the risk changes since selling the policy; not knowing about particular risks eg asbestosis; trends 8.Basis risk The risk arising from the relative changes in 2 indices Best understood by examples: 1.You hold a basket of 50 UK equity stocks Worried about losses You buy an equity put option based on UK FTSE index OK if your 50 stocks behave exactly in line with FTSE index Why may the 2 returns be different? 2.Wimbledon faces a risk of refunding tickets of value £1m each day if bad weather means play is not possible Take out a “weather option” or insurance policy such that if average rainfall in England exceeds 0.5cm in a day Wimbledon will receive £1m Large basis risk here – list reasons why Wimbledon may 1)benefit and 2)lose out from this arrangement. What you really need is a policy which pays out if ticket prices are refunded. Any reasons why you would not have this policy in place? 9. Systemic risk Risk of failure of a financial system eg a country’s banking sector, European economy! All firms similarly affected by an external event 2008 GFC; COVID-19 “Knock-on” effect (“Contagion risk”) Your company may be very well run but your business may be significantly affected if other companies go bust Contagion example Eg Herstatt Bank (1974) Large payments (in DM) made to Herstatt from US banks early in the day US banks due to be paid back later that day in $’s Herstatt declared bankrupt later that day US banks did not receive repayments due later that day US banks then did not want to lend to other US banks due to unknown exposures to Herstatt 10 – 24 : Operational risks No unique definition Risk of losses due to poor internal controls, underskilled or lack of employees, and poor processes. External events can also provide such risks. Delay in appointing suitable CEO process breakdown in converting foreign currency at first opportunity Severe fire at head office resulting in loss of computer systems, data, no alternative workplace available Employee fraud eg Barings / Leeson Poor administration leading to incorrect premiums charged, or benefits paid to policyholders Have we thought of all the key risks?? Is risk register complete? Operational risks Often need to be assessed qualitatively Compare this with market, credit, liquidity risk which can be modelled quantitatively As previously noted many operational risks only have a downside (other than the cost of dealing with them) Types of operational risk Business continuity risk Strategic / business Regulatory Political Agency Technology Crime Moral hazard Bias Legal Process Model Data Reputational Project There can be overlap between various types of risk Classification of risks is therefore somewhat arbitrary Students – in groups think of an example of each type Types of operational risk Some of the risks above will be treated separate to operational risk in some texts Most are self-explanatory Business / strategic risk Agency Moral hazard Bias Model Reputational Legal Project Business / strategic Risk of not achieving the company’s objectives Inadequate business plans “behind the curve” Changes in the business environment Eg changes in laws provide opportunity of new insurance products, but company fails to put plans in place to benefit from this Eg HMV affected by internet sales Blackberry,, Formula One – people stop watching (biggest risk) so advertising revenues fall Agency risk A party who is appointed to act on behalf of another party, but instead acts in his own interests. Results from the misalignment of interests between different stakeholders See examples from earlier Both CEO and auditor exhibit agency risk Actuary increasing discount rate in exchange for Olympic tickets Agency risk Barings – Nick Leeson Took aggressive derivative positions hoping to make large gains Which would lead to large personal bonuses Instead market movements went against him Barings declared insolvent Agency risk Roulette Bet on black or red, 50 / 50 If red comes up you win £1million; company wins £10m If black you lose your job (salary of £100k) but lots of similar jobs available ; company insolvent Would you play? Worth the risk? Important for management / regulators to set balanced (dis)incentives Moral hazard Change in behaviour following a change to your exposure to a risk At greatest risk where the insurer is unable to control the behaviour of the insured Eg less careful with locking your bike if it is fully insured Eg Pension scheme less worried about investment strategy following the introduction of a Government protection scheme Moral hazard How could the insurer reduce the moral hazard in these examples? XS paid by plicyholder, claims only paid if bike is locked/in garage etc Bias Examples of bias Overconfidence “It’s not gone wrong in 10 years so all the risks must be managed well” Anchoring – decisions taken based on too much emphasis on the current position Answers are based on the starting point Eg “we’re invested in equities - do we really need to move into bonds?” Rather than asking “Where should we be invested in now?” Often results in adjustments to the current position rather than a required significant change in strategy Eg adjustments to insurance reserves Hiring employees with similar characteristics to us Model risk The risk that a model used is not appropriate Eg insolvency model used to value of an ongoing firm instead of valuing future profits from a business Inappropriate or missing parameters Eg not allowing for correlations when assessing defaults from a bond portfolio Inappropriate assumptions Risk from not understanding the limitations of the output from the model Eg if the standard deviation of a variable is changed slightly would this result in a different management decision? Mortality tables! Use out of date set, no improvements allowed for, heterogenous etc Reputational Example : credit rating agency S&P Lehmans S&P rating on 10 Sep 2008 : A+ A+ : “strong capacity to meet its financial obligations” Filed for bankruptcy September 15 Could institutions rely on S&P assessments? Legal Legal / policy documents are poorly drafted not kept updated Linked with regulatory risk What is a particular problem with legal risk? Project risk Covers many operational risks which arise from undertaking a new project Changes in risk When action is taken to deal with a certain risk often a different type of risk then arises Eg purchase of annuity policies replaces longevity risk with the risk that the insurer defaults on future payments (credit risk) 2024/25 MA6031 Control cycle What risks do we have? Measure these risks Is there any correlation between the risks? Compare the answers with what is acceptable ie assess the risks relative to our risk appetite Decide how to deal with each risk which is unacceptable Example of Control Cycle Family run butcher Risk of selling contaminated meat resulting in illness / death Likelihood of occurrence is small, but consequence is customers are taken ill/die resulting in legal proceedings. Also possibility of concentration risk – lots of people become ill/die. Could result in financial ruin, imprisonment - agreed this is above acceptable level of risk Take out public liability insurance and ensure appropriate operational procedures are in place Control cycle We need thorough understanding of the current business environment, and awareness of economic conditions. Then we can: Identify the risks Measure / quantify Assess ie compare with risk appetite Manage eg reinsure, remove Monitor Modify Control cycle Company should record all the risks they are exposed to (identify) Then need to measure those risks – obtain our “risk profile” (measure) Then compare with our “risk appetite” (what level of risk is acceptable?)(assess) Then need to decide how to deal with those which are not acceptable ie exceed our risk appetite (manage) Monitor experience eg number and size of claims Decide whether action taken to deal with the risk could be improved (modify) Some definitions Risk profile, appetite, tolerances Risk profile is a description of the company’s risk exposures Risk appetite – what amount of risk is acceptable? This is based on : The capacity of the firm to take on risk. This will depend on regulatory restrictions, capital, experience Attitude towards, and tolerance of, risk In determining our appetite we must know our objectives and the benefits and consequences of success or failure Risk appetite, which is initially set by the Board, needs to be broken down into lower level risk appetites, known as Risk Tolerances, such that decisions can be made at operational level Risk appetite statements are broad in nature Risk Tolerances are more precise and “useable” – they will be expressed in more specific performance terms – they can be used by departments and operations across the organization Give example of an insurer’s risk profile eg various gamma distns of different lines, investment distns, expenses etc Some examples Risk appetite (set by the Board) Our solvency position will remain above 130% We will maintain or improve our AA rating We will receive no regulatory fines Risk tolerances Our daily VaR 99% must not exceed £10m All regulatory submissions must be made a week before the deadline Control cycle Understand the business and regulatory environment Identify risks Measure risks Assess risks – are they acceptable? Manage risks Monitor – identify changing/new risks and re- measure Example Control cycle in context : Family run butcher Identify : Risk of selling contaminated meat resulting in illness / death Measure : Likelihood of occurrence is small, but consequence is customers taken ill/die resulting in legal proceedings. Also possibility of concentration risk. Assess – is the risk acceptable? : Could result in financial ruin, imprisonment - agreed this is above an acceptable level of risk Manage : (1)Take out public liability insurance and (2)ensure appropriate operational procedures are in place Control cycle – step 1 First need to establish the context (or the general business environment) Area of business – what are our products? Company structure and finances Business objectives / plans Who are the stakeholders? Legislation Current / future economic/political conditions Competitors Risk appetite You have worked in pensions for 3 years, but are moving to work for a new general insurer as CRO – need to understand general environement first! Identify risks - techniques Group sessions Surveys Interviews Appoint consultants Use own experience Attend risk seminars The above are pre-arranged and formalised Risk “hotline” Homework – think of pros and cons of above methods Identify risks Important for the Board, Management and Staff to be involved Each are likely to have a different perspective and therefore identify a greater number and variety of risks Need to also allow for emerging risks eg collapse of secure economies, climate change, pandemic diseases, medical advances Risk register (1) Once risks are identified, they should be added to a risk register showing: Category Identifier Description Possible other risks correlated with each risk Current status of the risk Example scenarios where the risk is likely to occur List those responsible for risk handling Date of last assessment Once the risks have been measured and assessed the risk register should be updated – see later Risk register (2) http://www.thepensionsregulator.gov.uk/docs/ public-service-example-risk-register.pdf Measure the risk Before undertaking the exercise of measuring the risk an initial assessment should first be carried out This will give a “feel” for the possible severity and likelihood of the risk occurring ie how much time should be spent assessing this risk? However there is a risk here (overconfidence) that apparently trivial risks are overlooked and decide whether the measurement should be carried out: ❖ Quantitatively ❖ Qualitatively ❖ Mixture of both Measure the risk - Quantitatively Sensitivity testing Examples What if equities fell by 20% What if bond yields fell by 1%pa $ falls by 20% against £ Other reasons – as a check, educational regulatory Or scenario testing where a number of these events happen together Eg bank regulator – what is the combined effect on banks’ solvency levels of increased inflation, interest rates rising, house prices falling, and unemployment rising? Quite simple methods Often used by regulators Measure the risk - Quantitatively..or include Probability in our calcs eg Standard deviation Value at Risk Probability of Ruin For this we need to specify a statistical distribution Measure the risk Standard deviation This is often used as an indication of risk Research undertaken by the insurance company’s investment department predicts: Equity returns are normally distributed with mean = 6% pa and s.d = 9% pa Bond returns with mean = 3% pa and s.d = 3% pa we can expect a return worse than -3% pa every 1 in 6 years from equities and 40 years from bonds Decision makers can understand that equities are more “risky” than bonds Laymen unlikely to understand what this means “Markovitz”? Measure the risk Value at Risk (“VaR”) First set a time period and confidence level VaR is then the loss you expect to be exceeded in that time period with that level of confidence Eg £1 million UK equity fund investing in > 100 companies What is VaR for one day at 95% confidence? Result could be £20,000. This means…. “5% chance of the fund being lower than £980,000 at the end of the day” Easy to interpret and very widely used but… …doesn’t give information on what the loss might be in extreme cases Measure the risk - VaR Fund manager sells stable stock and buys more risky, volatile stock with the hope of generating higher returns VaR of portfolio measured before and after trades Found that VaR has increased from £20,000 to £40,000 This exceeds the risk threshold permitted by Risk Manager (defined as VaR = £30,000, let’s say) Fund manager must reverse the trade VaR can be a very useful measure of risk Measure the risk - VaR VaR What is 1 year 99% VaR for a motor vehicle insurance business where total expected annual claims are normally distributed with mean £20m and s.d. of £3m? 99% level for Normal distn is 2.33 s.d.’s. 2.33 x 3 = £7m So expect claims to exceed £27m every 1 in 100 years Pros and cons of VaR Succinctly describes the level of risk; one number! Well understood and widely used But… Conveys no info on losses greater than VaR ie what could the losses be in a worst case scenario? Can create over-confidence – 99%VaR does not represent the maximum loss! Because it is so widely accepted VaR calculations are often not challenged resulting in poor risk decisions being made (we just accept that VaR is correct when in fact the underlying model may be inappropriate eg during times when markets are stressed) Measure the risk Probability of Ruin What losses are required to result in insolvency? What is the probability of incurring this loss? Example Consider a small, new company which provides life assurance benefits for its employees. The company would go bust if it had to pay out >£1m in these benefits this year Probability of death of employees which would result in ruin estimated to be 1% Decide to take out life assurance Good example of initial assessment of risk is sufficient to determine that insurance is required without undertaken complex analysis Measure the risk Stochastic Can incorporate more complex features of a distribution eg ones which are not symmetrical Can include sensitivity testing Can give transparent results eg for pension scheme Trustees such as: “there’s a 10% chance you will be underfunded over the next 10 years if you adopt a 100% equity allocation, but only a 1% chance if you invest entirely in bonds” Can obtain VaR stochastically – how? Measure the risk Can’t quantify some risks This slide is copied in the next set of handouts…. Many operational risks are difficult to quantify Eg loss of reputation, data loss, fraud Use judgement Key is to identify those risks which result in greatest losses Eg “if this event occurs we will go bust” Include some measure of the likelihood 2024/25 MA6031 Control cycle contd. Next slide is duplicated Measure the risk Can’t quantify some risks Many operational risks are difficult to quantify Eg loss of reputation, data loss, fraud Use judgement Key is to identify those risks which result in greatest losses Eg “if this event occurs we will go bust” Include some measure of the likelihood Can’t quantify some risks Could score each risk for impact and likelihood Results in grid with codes for each risk Or heat risk map, or risk matrix First concentrate on those with “highest scores” Example risk map Assess each risk The aim of assessing risks is to determine which risks need to be dealt with in some way We are comparing the results of the risk measurements with our risk appetite Which risks are acceptable? No further action is required for these What about where the risk is not acceptable? Need to manage these in some way Assess risks – risk map example Board decides further procedures are required to reduce the likelihood of : Manipulation of loan reserves Mortgage fraud Insider loan fraud Assessing risks Setting the risk appetite To assess the risk we need a reliable risk appetite measure What are the Board’s / shareholders’ expectations? This will help define the risk appetite This could be : “it is unacceptable for the solvency level to fall below x%” “