Risk Management

Chetsada Siriniran 494 55256 29

Narintra Tinnarathsakulchai 494 55708 29
 Outline

• Introduction to risk
– What is risk?
– Why manage risks?
– Types of risk
• Risk Management
• Policy tools for risk management
 What is risk?

• The combination of the probability of an event

and its consequences

How does risk occur?

• State of the world = Uncertainty

• Asymmetric information
– Adverse selection
– Moral hazard
 How does risk affect us?

1. You think you would earn 10,000 baht

everyday for 1 month
= 300,000 baht per month
2. But, first 10 days you earn 12,000 baht.
Next 10 days you earn 10,000 baht.
Last 10 days you earn 5,000 baht.
= 270,000 baht at the end of the month
* Risk may lead to less actual income than that
you expect.
 Risk Preference
1. Risk Neutral = Prefer fair game
Utility
Probability Return
0.20 +50
0.60 0
0.20 -50
Outcome
E(R) = 0.2×50 - 0.6×0 - 0.2×50 = 0

2. Risk Lover = Prefer negative outcome game

Utility
Probability Return
0.20 +100
0.60 -20
0.20 -50
Outcome
E(R) = 0.2×100 - 0.6×20 - 0.2×50 = -2
 Risk Preference

3. Risk Averse = Prefer positive outcome game

Utility
Probability Return
0.20 +60
0.60 +10
0.20 -40
Outcome
E(R) = 0.2×60 + 0.6×10 - 0.2×40 = 1

• This one is the assumption of all risk related theory.

• Since people are risk averse, riskier alternatives
should provide risk premium to draw community’s
interest.
 Example of risk

Recall the interest parity;

F
1  R  (1  R)  


See when risk premium () rises, given the

world interest rate constant, the interest rate in
the country must be higher. That means the
cost of borrowing in the country will rise, and
total income of the economy will decrease.
 Why must we manage risk?

Objectives of risk management

• to integrate concerns for risk into an
organization's daily decision making and
implementation process
• to recognize resource allocation implications
• to understand the opportunity cost or
trade-offs with any decision
 Types of Risk

Considering all the potential risks that a firm

may face, we can divide risks into 4 types
according to their features

1. Financial risk
2. Operational risk
3. Strategic risk
4. Hazard risk
 Operational risk
• Risk arisen from execution of a company’s
business functions.
• This can affect the firm’s decision for strategies
which may cause losses on credibility and
reputation.
• Ex. Human error
Fraud
Technical failure
 Strategic risk
• Risk arisen from the improper long-term
strategic objectives of the organization.
• This can affects firm’s capital
availability, sovereign and political risks,
legal and regulatory changes, reputation
and changes in the physical environment.
• Ex. Merging failure
Misleading research
 Hazard risk

• Risk arisen from unforeseen events partaken by

or associated with a company.
• This kind of risk may not occur frequently, but it
may severely ruin the firm’s value.
• Ex. Counterparty risk
Natural disaster
Bank panic
 Financial risk

• Risk arisen from the dynamics of market

movement and changes in macroeconomic
factors.
• There are 2 major kinds of this risk
– Undiversifiable risk
• Market risk
• Credit risk
– Diversifiable risk
• Liquidity risk
 Market risk

• Risk arisen from natural movements of interest

rate, foreign exchange rates and prices of
instruments in the money and capital markets.
• This affects the earnings and capital of the
financial institution.
• Classified into 3 types
• Interest rate risk
• Foreign exchange rate risk
• Price risk
 Interest rate risk

• Risk arisen from changes in interest rates of

assets, debts, off-balance sheet items
- Repricing risk
- Basis risk
- Yield Curve risk
- Option risk
 Foreign exchange risk

• Risk arisen from the fluctuation of exchange

rate, due to a transaction in a foreign currency or
from holding an asset or debt in a foreign
currency.
- Transaction risk
- Translation risk
 Price risk

• Risk arisen from the changes in the price of

debt, equity instruments and commodity.
• This causes the value of the investment in the
trading portfolio and profit of the financial
institution to diminish.
 Credit risk

• Risk arisen from a chance or probability that a

counterparty cannot fulfill the agreed obligation,
• This affects the credit extension both credits that
are assets and contingent liabilities of the
financial institutions.
- Default risk
- Credit spread risk
- Downgrade risk
 Liquidity risk

• Risk arisen from FI’s failure to pay its debts

when due because of its inability to convert
assets into cash.
• Bank run because it doesn’t has enough liquidity
in their balance sheet
• Ex. Liquidity risk from asset side
Liquidity risk from liability side
 Bank’s balance sheet

Source: http://finapps.forbes.com/finapps/jsp/finance/compinfo/FinancialIndustrial.jsp?tkr=AIG
 Bank’s balance sheet

Source: http://finapps.forbes.com/finapps/jsp/finance/compinfo/FinancialIndustrial.jsp?tkr=AIG
 Systemic risk

• Risk arisen from the collapse of an entire

financial system because each firm interlinks
with the others.
• The failure of a single entity or cluster of entities
can cause a cascading failure which leads to
bankrupt in the entire system or market.
Systemic risk
 Risk Management
is the action to deal with dissatisfying risks
occurred to a person or an organization.

Principle of Risk Management

• create value
• be an integral part of organizational processes
• be part of decision making
• explicitly address uncertainty
• be systematic and structured
• be based on the best available information
• be tailored
• take into account human factors
• be transparent and inclusive
• be dynamic, iterative and responsive to changes
• be capable of continual improvement and enhancement
Source : International Organization of Standardization
 Risk Management

Main Process of managing risks

1. Identification of risks
2. Risk measurement
3. Strategic planning
4. Policy implementation
 Identification of Risk

is a process of monitoring and defining all

risks that involves in the organization value.
Risk monitoring
is the procedure to search and list all potential
risks that an organization is facing.
Risk defining
is the procedure to indicate which types and
magnitude of risks the firm concerns.
 Risk measurement

is a process of evaluating risk which is

defined by the firm. It can be either qualitative
approach or statistical approach.
Risk scoring
is a qualitative approach of risk management.
It’s conducted by rating each aspect in the list
and weight them for individual preference.
Quantifying risk
is the way to define risk in statistical approach.
 Duration
• a measure of sensitivity of the asset’s price to
interest rate movements or elasticity of asset or
liability’s value
• weighted-average time to maturity on the loan
with present value of cashflows
• equal to ratio of percentage reduction in the
bond’s price to the percentage increase in the
redemption yield of the bond
• Basic model : n

 PV  t  t
V  V
D t 1

n
2V0 (R) 2
 PVt 1
t
 Immunization
• a strategy ensuring that a change in interest rate
will not affect the value of a portfolio by duration
matching or trading derivatives
• foreign exchange risk or stock market risk, can
be immunized using similar strategies
• incomplete immunization called “hedging”
complete immunization called “arbitrage”

Duration matching
• match duration of asset with duration of liability
• to protect against losses from interest rate volatility
 Duration gap
• is the difference in sensitivity of interest-yielding
assets and the sensitivity of liabilities to a change
in market interest rate
R
E  DA  DL k  A 
L
; k
1 R A

Problem of duration analysis

• Duration matching can be costly
• Immunization is a dynamic problem
• Large interest rate changes and convexity
 Mean – Variance Approach

Expected return :
n
E (r )   wi ri
i 1

return
Variance : E(r)-S.D. E(r) E(r)+S.D.
n
Var (r )   wi ri  E (ri ) 
2

i 1

Standard Deviation :
n
S .D.  Var (ri )   wi ri  E (ri )
i 1
2
 Extreme Value Theory

• A branch of statistics dealing with the extreme

deviations from the median of probability
distributions
• There are 2 approaches
– Basic theory approach
– Peak-Over-Threshold model
• Extreme value distributions are the limiting
distributions for the minimum or the maximum of
a very large collection of independent random
variables from the same arbitrary distribution.
 Value at Risk (VaR)
• is used to measure a bank’s market risk, also
has been adapted to measure credit risk
• emphasizes on losses arising as a result of the
volatility of assets, as opposed to the volatility
of earnings
• Downsize risk measurement
• “What is my worst-cased scenario?”
• consists of a time period, a confidence level
and a loss amount
dV
• Basic model : Varx  Vx   Pt
dP
 Value at Risk (VaR)
• Definition :
VaR  {l  R Pr(L  l )  1   }

• Basic model :
dV
VaRx  Vx   Pt
dP
VaR  V 1.65 ; 95% Confidence Level
VaR  V  2.33 ; 99% Confidence Level
 Value at Risk (VaR)
1. Non-Parametric Method (Historical method)
• full valuation model
• requires at least one year historical data (Basel)
• assumes historical data will repeat itself

Source : http://www.investopedia.com/articles/04/092904.asp
 Value at Risk (VaR)
2. Parametric Method (Variance-Covariance)
• delta normal approach (usually multivarate)
• partial valuation model (only linear combination)
• requires at least one year historical data

Source : http://www.investopedia.com/articles/04/092904.asp
 Value at Risk (VaR)
3. Monte – Carlo approach
• full valuation approach by multiple “black box”
generators to generate a distribution of returns
• uses hypothetical trials instead of historical data



  n  
VaR p  u   (1  p)   1
   Nu  
 

Source : http://www.investopedia.com/articles/04/092904.asp
 Conditional Value at Risk (CVaR)
• often used to reduce the probability of
incurring large losses
• derived by taking a weighted average between
the value at risk and losses exceeding the
value at risk.
• known as Expected Excess Loss, Expected
Shortfall, or Tail VaR
5% worst-cased value ES p  VaR p  E ( X  VaR p X  VaR p )

Value
CVaR 5% VaR 5%
 Scenario Analysis
• a process of analyzing possible future events
by considering alternative possible outcomes
• There are 3 steps in the process
1. Scenario building
2. Extraction of issues from the scenarios
3. Synthesis of results
High
Scenario 1
Frequency

Scenario 2
Scenario 3
Low Scenario 4
Low Impact High
 Stress Testing
• a simple form of scenario analysis
• takes into account extreme events that are
virtually impossible according to the probability
distributions
• Vary input parameters in a financial model and
see how much your answer changes
• This is an extension of VaR. Return

When there’s an extreme loss

exceeding the VaR, stress test
can be applied to indicate the VaR
approximated value of loss.
Time
 Stress Testing
• Example of stress test : Liquidity stress test

Bank A’s balance sheet (unit = $ million)

Asset Liability
100 Debt 90
Capital 10

10
CAR =  0.10  10% (Legal capital adequacy ratio)
100
If bank A faces $5 million capital deficit,
“What should bank A do?”
 Gaussian Copula Model
• constructed from the bivariate normal distribution
• Basic model :
 X ,Y ,   1 (u ),  1 (v) 
c (u, v) 
  1 (u )   1 (v) 
 X ,Y ,  ( x, y) 
1 

exp  
1
x 2
 y 2
 2 xy 


2 1    2(1   )
2
2

• widely used in financial risk
assessment and actuarial
analysis (ex. pricing of CDOs)
• lack of dependence dynamics
and poor representation of extreme events
 RAROC
• the ratio of risk adjusted return to economic
capital (amount of money needed to secure the
survival in a worst case scenario)
• Economic capital is a function of market risk,
credit risk, and operational risk, and is often
calculated by VaR.
• Basic formula :
expected return
RAROC 
economic capital
expected return
or RAROC 
VaR
 Managing Risk
After risk monitoring and measurement, we
will understand feature and magnitude of risk.
This will lead to strategic planning and then the
implementation.

Strategies in Managing Risk

1. Controlling (limit)
2. Avoidance (eliminate)
3. Reduction (mitigate)
4. Sharing (transfer)
5. Pooling (diversify)
6. Retention (accept and budget)
 Risk Control
Risk control is the action of accepting an
exact level of risk. The maximum level of risk
tolerance is determined. When risk level exceeds
the limit, some reactions have to be held in order
to manage it.
Example : Loss control, Credit limit
risk

take actions

time
 Risk Avoidance
is the action of not performing an activity that
could carry risk. This helps reduce risk, however, it
also reduce the potential gain from accepting risk.
By applying this strategy, the firm will face less
uncertainties than others, but firm may lose the
large number of income in a competitive market.

Example : Corporate downsizing or shutdown

Taken over
 Risk Reduction
is the action of reducing the severity of loss
or likelihood of loss from occurring.

Example : Computer-based information system

Human capital development
Hiring specialists and professional
consultants
 Risk Sharing
is the action of transferring risk to the third
party. The exact size of risk still exists, but it would
be push away from one person to another.

Example : Buying an insurance

Outsourcing
Hedging
CDS
 Risk Pooling
is the action of diversifying risk by contributing
capital in more various types of assets. When there
is a dramatic adverse change to one security, the
opposite effect from another could rise and offset
loss. This helps reducing the severity of loss, but
reduces magnitude of abnormal gain.
Example : Composing efficient portfolio
Conglomerate merger
risk

number of securities
 Risk Retention
is the action of accepting loss when it
occurred, by taking some policy changes to
increase the capacity of risk tolerance.

Example : Raising capital to cover more losses

risk

risk bearing capacity

time
 Central bank, Government and risk
management in financial system

control
CB
risk risk
Consumers FI Investors

policy
Gov.

Macro economy
 Disclosure

“The Bank reaffirms its recognition and

endorsement of the fundamental importance of
transparency and accountability to the development
process. Accordingly, it is the Bank’s policy to be
open about its activities and to welcome and seek
out opportunities to explain its work to the widest
possible audience.”

From : “The World Bank Policy on Disclosure of

Information” 2002
 Basel II

Objective :The final version aims at:

• Ensuring that capital allocation is more risk
sensitive.
• Separating operational risk from credit risk, and
quantifying both;
• Attempting to align economic and regulatory
capital more closely to reduce the scope for
regulatory arbitrage.
 Basel II

• While the final accord has largely addressed the

regulatory arbitrage issue, there are still areas
where regulatory capital requirements will
diverge from the economic.
• Basel II has largely left unchanged the question
of how to actually define bank capital, which
diverges from accounting equity in important
respects. The Basel I definition, as modified up
to the present, remains in place.
 Capital adequacy ratio (CAR)
CAR is a ratio of a bank's capital to its risk,
National Regulator track a bank's CAR to ensure
that it can absorb a reasonable amount of loss
and are complying with their statutory Capital
requirements.

>10%

10% in this case is a common requirement

for regulators conforming to the Basel Accords
 Good risk management process for
market risk
• Appropriateness of the role of Board of
Directors and Senior Management and
suitability of organizational structure
• The financial institution should clearly state
the policy and practical guidelines in
managing market risks
• Appropriateness of Risk Specification,
Measurement, Monitor, Report and Control
• Effective internal control and audit
independence
 Risk control and monitoring for
credit risk
• Setting the target and acceptable risk level
• FI should have a good management
information system
• Operating under a sound credit granting
process
• Proper credit administration and Monitoring
• Monitoring the structure and quality of credit
• Good management of problem credits
 Risk controlling for liquidity risk

• Competent the Board of Directors of financial

institution and senior executives
• Sound management policy of assets and
liabilities
• Flexible management structure
• Up-to-date and accurate information system
• Determining risk limits
• Well managing market access
• Contingency funding plans
 Risk management and Financial crisis

Leverage ratio of financial companies in the US

Source : SNL
 Risk management and Financial crisis

• The Hamburger crisis derived from the lack of

“risk adjustment” when reporting profit.
• The roots of crisis are “Lack of accountability”,
“Leverage” and “Liquidity”.
• Is it enough to rely on just a single simple model?
• Risk modeling guideline
1. Use data-driven assumptions
2. Transparent stress test key assumptions
3. Understand the limit of data