Risk management Derivatives Regulation Investing Quantum Cutting Edge Books Journals Search All

risk.net
sections

Events Awards White papers Analytics Hub Futures & Options Hub Webinars Tech Directory Subscribe Follow us My account

Search risk.net

Advances in the Risk Management SEARCH BOOKS

Search Risk Books

Process Type to search
René Doff

11. Advances in the Risk Management Process Contents

This chapter will apply the behavioural theories discussed so far to the general risk cycle. The
risks faced by an organisation generally boil down to two factors: changes in the external
environment and/or their internal processes. For instance, external changes could be the
Chapter first published in:
changing financial markets, a catastrophic event, government policies changing or ethical
preferences of the general public. Internal changes are mostly due to deliberate decisions
Behavioural Risk (provided it is a well-governed organisation) such as decisions to change the asset allocation,
Management launch a new product, regular price updates, optimise the liquidity buffer, or set up a new
By René Doff communication strategy. Decisions can be well founded, properly organised or more implicit.
First published: However, it is good to be aware of the changes in risk profiles that every business decision
19 JUN 2020 can cause. This distinction of external and internal changes in the risk profile is crucial. After
ISBN: 9781782724230 all, when external changes happen it is not usually within our power to influence the event
itself. However, a good risk manager will understand that the consequences of that particular
BUY NOW event can (and should) be managed.

Subscriber discount i
We will build this chapter on the general risk cycle we introduced in Chapter 2, and more
specifically represented in Table 2.2. All the steps in that process will be examined in more
detail, and the various behavioural pitfalls and tools that help mitigating them will be
discussed. One can safely assume that a sound risk process is crucial for all risk managers
because they are operating on one or multiple stages of that process. This makes it important
for all risk managers to incorporate behavioural aspects into their risk processes.

RISK IDENTIFICATION
The first step in the risk management process is the risk identification.1 The objective of this
step is to understand the main risks that an organisation (or business unit) is exposed to.
There is a multitude of methods to identify risks, most of which are described in risk
management textbooks. The majority of these will work excellently and ensure that all-
important risks are brought to the table. Examples are:

self-assessment workshops;

expert opinion;

trend analysis; and

root cause analysis of occurred incidents.

The use of scenarios as a risk identification method is less well described in the context of
risk management. Chapter 9 proposed two ways to implement scenarios for risk
management: exploration and simulation scenarios. During the risk identification phase
exploration scenarios work best, especially when developed using systems theory and
identifying the inter-relation between actors in the system. This is because it ensures a wide
and divergent analysis of potential risk, and allows for in-depth analysis of potential future
states. As discussed, it is important not to choose one preferred future state, but to
simultaneously analyse all future states in parallel. This acknowledges the fact that the future
is hard to predict.

Many biases can occur during the phases of risk identification and risk assessment (see
Table 11.1). Examples here are confirmation bias and overconfidence that the product/project
will succeed rather than fail, status quo bias combined with the present bias resulting in
neglecting of potential risks, etc. Social biases also play a role.

In the financial industry, risk identification is often omitted from the process, because
regulatory frameworks have already provided the risks to be assessed in Pillar 1 (see
Chapter 5). Hence, the risk framework is already set in stone, and it is difficult to bring new
risks to the table. This can be labelled as myopic – it makes decision-makers less open to
new risks. In addition, once a stakeholder presents new risks, they are easily disqualified as
irrelevant since it does not have any capital charge under Pillar 1 or because this risk does
not fit into a known risk category. In essence, the former is an example of confirmation bias:
only Pillar 1 risks are relevant as the objective is to manage the capital base. The latter is an
example of affect heuristic or cognitive dissonance: it is impossible for risks that cannot be
classified to be relevant. Due to this, both risk managers and board members run the risk of
becoming “lazy” during the risk identification phase, and look at only the prescribed risk types
rather than performing a bottom-up analysis of all potential risks that the organisation faces.

Table 11.1 Biases during risk identification phase

Bias Example
Overconfidence “This product does not have any important risks”
Affect heuristic “I like this product so much that it is impossible it will face serious risks” “I like the business manager, so his risks
are probably not so large”
Present bias “In the short run, nothing serious can happen to this product”
Availability bias “No problems have occurred recently, so this product is risk-free”
Recency bias
Inattentional blindness “We are so focused on the marketing of this product that we overlooked an important technical error”
Selective perception “This is a good product, so it is impossible the risks will be high”
Peer pressure “The board considers this an important project, so it probably considers the risks less dominant than I do”
Group dynamics “We got so carried away by the marketing strategy that we did not spend any time on discussing the risks”
Causality trap “The VaR outcome of this mortgage portfolio is low, so there cannot be any foreseen losses”

Knight’s (1921) distinction between risk and uncertainties springs to mind: whereas risks are
the known possible outcomes of a stochastic process, uncertainties are truly unknown
outcomes and unimaginable events. Taleb’s black swans are examples of uncertainties in the
context of Knight. While the discussion on black swans or unknown unknowns can be
lengthy, the real issue is to acknowledge they exist and to be prepared for uncertainties.
Using scenarios is one way to do that.

There are three main methods to overcome the pitfalls mentioned in this section. First,
countervailing power in the decision-making process triggers different perspectives (see
Chapter 13). Often, a dedicated risk manager will act as a devil’s advocate to allow
participants to recognise the pitfalls during the process. Second, slowing down the decision-
making process allows for reflection on the problem at hand. This in turn helps all participants
recognise the pitfalls, and supports differences of opinion. The latter are useful in that such
differences (when articulated sufficiently) can help avoid some of pitfalls in Table 11.1. The
risk identification phase should ultimately lead to a decision made by the board. All phases
discussed in Chapter 10 to support the decision-making process are relevant here, including
voting processes and the position of the chairperson. Third, inviting a variety of perspectives
and the encouragement to disagree greatly increases capacity to identify and recognise risks.

The role of the risk manager during the risk identification phase of the process is to serve as
an expert and facilitator in parallel. The facilitator role ensures that all stakeholders in the
process provide sufficient input and a wide perspective of risks are discussed. However,
when stakeholders suffer from biases such as overconfidence, they turn less critical to the
risks. In this case, the role of the risk manager should be that of the risk expert where they
provide content rather than the process. This can be achieved by providing alternative
examples (from loss databases), fact-based analyses or explorative scenarios. These
examples, facts and scenarios operate as a reality check for the board members in order to
overcome overconfidence, affect and overoptimism biases. The examples from other
organisations can also trigger different biases, such as availability bias, misconception of
chances and illusion of validity. These pitfalls can and should be avoided by sanity checks,
including answering questions such as: “how comparable are the examples from the other
organisations to our own organisation?”, “are there any examples from other organisations in
addition to the current one?” and “what were the real conditions for failure in the case at
hand?”. The risk manager has a crucial role to play in helping to answer these questions.

RISK ASSESSMENT AND MEASUREMENT

This phase in the risk cycle refers to making the identified risk quantifiable as much as
possible. The “regular” financial risks covered in Pillar 1 are mostly quantified effectively,
using VaR or other stochastic techniques. As discussed in Chapter 3, these techniques are
prone to pitfalls that can only be overcome by quantitative strong analysts, pinpointing the
flaws of assumptions or by providing alternative assumptions. The crucial bias here is that
once the “objective” VaR number is presented, it sticks as an anchoring point. Board
members are likely to refer to it, despite them acknowledging the false security of the single
number. This makes it a difficult cycle to break for the risk manager challenging the initial VaR
outcomes.2 Therefore, it is crucial to have the risk manager’s input as early in the process as
possible in such a way that the challenging of Monte Carlo scenarios can be done from the
outset – or, even better, in such a way that multiple scenarios (assumption sets) are
presented to the board at the beginning of the discussion. The role of the risk manager is that
of expert, providing technical countervailing power to the analyses made. It is the role of the
board to organise the position of risk managers in such a way that they are involved early in
the process. This is a good approach to avoid the biases at play because the risk manager
can avoid these very explicitly.

In cases where the risk modelling is less obvious or straightforward, such as in strategic risk
analyses, the discussion is often on probability and severity using a heat map. Such analyses
are more interactive and involve various stakeholders. The human biases at play here are
overconfidence, overoptimism and illusion of control, but also social biases such as
groupthink and peer pressure. Table 11.2 provides examples of these biases in addition to the
biases in the earlier phases of the risk management process.

In settings where the risks are assessed in a more qualitative way – eg, through workshops
or brainstorming sessions – it is important that the risk manager, in the role as facilitator, first
gets all input from the participants individually. They will need to create a safe environment for
all to speak and disclose the perceived risks and their probability/severity. Most of the time,
the board discussion is done only after all individual input has been collected. This avoids
peer pressure, group dynamics and conformation to authority. Even in this discussion, there
needs to be sufficient time for individual input and contradicting perspectives (see Panel 11.1
for an example). The role of the chairperson is important since they can steer discussions by
framing or through their authority. Therefore, the risk manager and chairperson need to agree
upfront on the best approach to avoid pushback during the process. A sensible rule of thumb
is that the chairperson provides input after all participants have done so to avoid anchoring. If
there is another powerful person in the meeting with strong opinions, this person should also
come last in line.

Table 11.2 Biases during risk assessment and measurement phase

Bias Example
Overoptimism “This risk is moderate, nothing really severe could happen”
Affect “I understand that there are risks involved, but I do not understand the calculations. Therefore, the high outcomes must be
heuristic wrong and they must be lower instead.”
Analysis “Let us gather some more information even though the current dataset already shows the important risks”
paralysis
Illusion of “If this risk materialises, we will have plenty of options to intervene, so the risk can be rated relatively low on a post-
control mitigation basis”
Present bias “As per today, the outlook for this product is good, so the risks must be relatively minor”
Anchoring “The VaR is low; even though I know VaR is not perfect, the risks must still be relatively low”

When analysing a typical heat map, the focus is usually on the top-right corner: high
probability and high severity events. The items that end up in this quadrant are priorities that
could need a crisis response. However, low probability and high severity events are equally
dangerous – after all, the high severity could potentially still cause a bankruptcy. As a general
rule: “if the impact is non-zero, it is worthwhile seriously worrying about it”. Therefore, it is
often said that severity prevails over probability, which means that one should not overlook
low probability, high severity events.

PANEL 11.1: RISK ASSESSMENT WORKSHOP

Assume the board of a middle size company wants to perform a strategic risk
assessment and invites a consultant to support the board with this task. After
speaking with all board members individually, the consultant lists and summarises the
top 25 strategic risks to the company. The chairperson wants to organise one
workshop to discuss the risks and another to discuss an action plan for the important
risks. During a three-hour workshop, the consultant gives all board members
individual sticker notes containing each risk. They then invite the board members to
first rate the risks individually according to probability and severity by noting it down
on each sticker. This avoids social biases such as peer pressure and conformation to
authority.
Then, each of the board members put their stickers on a heat map put up on the wall,
with the chairperson being the last person to do so. Only after all the stickers are on
the heat map is there a lively discussion of all the risks. During this discussion, it
appears that the board is rather unanimous on the three top risks, but has a very
divergent opinion on the next seven places in the list of top 10 risks. An interesting
observation is that the chairperson considers some risks as very low in probability and
impact that other board members rank very high in both probability and impact. As
one of the outcomes, the board decides to completely restructure their strategic board
agenda going forward.

This two-step approach for the workshop helps avoid peer pressure and conformation
to authority. It also enables differences to be put on the table that would have
otherwise remained uncovered due to the strong opinions of the chairperson.

RISK MITIGATION
This phase of the risk management cycle consists of choosing the appropriate action for all
risks. Bear in mind that one of the potential risk mitigants is to choose to accept the risk as it
is. As long as that is a deliberate and conscience choice, it is perfectly defendable. Since
every action requires a decision, it is crucial to follow the decision-making steps during this
phase that we identified at the beginning of this chapter. One of the main dangers during this
phase is to rush into a decision too hastily without careful consideration of the consequences,
and without an adequate response to the human pitfalls. Therefore, slowing down the
decision-making goes hand in hand with de-biasing.

Risk mitigation can take place during two moments in time:

1. at an urgent crisis, when a risk has evolved beyond a threshold level and has become
too high; and
2. at the point when the risk is identified for the first time, most often in calmer waters,
with the objective of avoiding future emergencies.

During an urgent crisis such as in situation 1 above, action needs to be taken immediately.
This can be done by a crisis committee that fire-fights the problem. Table 11.3 provides a list
of biases that could occur during this phase.

When risks are considered in calmer waters, such as situation 2, there is more time for
analysis. When a particular risk is phrased in tolerance levels, a more or less explicit risk
appetite statement occurs. The formal board-level risk appetite statements that are often
referred to contain beautiful phrases announcing to (internal and external) stakeholders what
levels are tolerable and which ones are not. Passing the threshold in the future will trigger risk
intervention and risk mitigation. A less formal but more practical way is to define levels of risk
in terms of traffic lights.3 The green zone is the tolerable level, the amber level requires
careful attention and reverting actions, whereas the red zone requires urgent intervention to
restore the level of risk to the green zone. While this system seems very familiar to most
readers, the crucial point here is that future actions need to be predefined in order to
overcome a number of potential biases (see Table 11.4). By setting actions for future
threshold levels in advance, the structure is identical to the opt-out decision-making structure
identified in Chapter 10.

Table 11.3 Biases in risk mitigation phase during crisis situations

Bias Example
Illusion of “We are certain that our decisions will revert the risks back to normal levels quite quickly”
control
Planning “Our crisis intervention will certainly have an effect from tomorrow”
fallacy
Overconfidence “A small change in plans must certainly eliminate these problems soon”
Herding “If all competitors step out of this product to avoid further risks, our company must do so too. Others probably have more
insight than we have. And besides, it is better for our reputation to go down together than to stand out alone.”
Ambiguity “Risk A is actually quite clear, let us focus on this one before we start looking at the other risks, which I do not fully
aversion understand yet”
Zero risk bias “Let us first reduce risk A to zero and we can focus on the other risks later”
Risk-seeking “By taking some minor risks, we might just compensate for the losses that occurred during last month”
Ostrich effect “If I deny this risky situation, everything might just turn out better next month”
Sunk costs “It is impossible to stop this project, even though it costs us too much money – we have already spent a million on it”
fallacy
Analysis “Let us not draw conclusions on this risk too hastily – what more information do we need to make a decision to eliminate
paralysis this risk?”

Human pitfalls are biases such as procrastination and the status quo bias, which lead
decision-makers to delay decisions on how to mitigate a certain risk while in the meantime
losses might be piling up. Also, the sunk costs fallacy might loom. As a result of sunk costs,
decision-makers might be hesitant to cut losses and prefer to allow risks to accumulate
further. The decision to hedge or mitigate a risk can then easily be procrastinated. Being
overconfident and the planning fallacy could result in decision-makers that are too optimistic
about the effectiveness of the risk mitigation actions. For example, the board could decide in
advance to move offices to a different location should sales levels drop to cut costs and avoid
losses. This seems like a sensible upfront decision. If the board factors in that the current
offices would be sold for too high a level, or that they would be sold instantaneously, this is
not so realistic. Also, it is not likely to happen in practice. In other words, losses would pile up
further. This is an example of overconfidence and planning fallacy, and would result in the
status quo.

Table 11.4 Biases during risk mitigation phase in calmer waters

Bias Example
Procrastination “I know that we need to discuss this risk soon, but let’s first discuss something else”
Status quo bias “Thanks for identifying this risk, but I just don’t see why we need to change our processes to avoid the risk from
happening”
Illusion of “Let’s discuss this risk when it becomes urgent – we can take all kinds of actions to stop the risks once we have
control discussed it”
Planning “As soon as this risk reaches critical levels, we will take a decision that will be effective immediately” “Our crisis
fallacy intervention will certainly have effect from tomorrow”
Overconfidence “We can take plenty of actions that will eliminate this risk”
Ostrich effect “If I deny this risky situation, everything might just turn out better next month”
Sunk costs “It is impossible to stop this project, despite the identified risks – we have already spent a million on it”
fallacy

Deciding upon upfront risk mitigation instruments is best done through a default solution with
opt-out options. As discussed in Chapter 10, such structures have enormous advantages
because they circumvent human pitfalls. One of the standard risk responses is to accept a
certain risk. However, in practice one could accept a risk with or without a back-up plan.
Panel 11.2 shows an example of accepting a risk combined with a crisis response plan.

When assessing risk mitigation, a key effect is the risk-seeking behaviour when in loss-
making situations as predicted by prospect theory. This should be taken into account when
designing risk mitigation. The case studies in Chapter 4 also highlight that, after initial losses
have occurred, both individuals and groups are likely to increase risks in order to cover up
losses. This makes it extremely relevant to ensure that risk limits are treated as hard limits
rather than soft limits. Moreover, if risk limits are used as a trigger for a “general discussion”
on the topic rather than to trigger action, these general discussions will mostly not limit the
risks but instead allow them to increase. This is due to the biases such as procrastination,
sunk cost fallacy, illusion of control and overconfidence.

In such discussions, the role of the risk manager is to stick to the agreed-upon principles and
to safeguard the consistency with earlier decision-making. This is an extreme form of
countervailing power, and is very difficult to achieve in practice when there is a lot of peer
pressure. Imagine the peer pressure that Lehman Brothers’ market risk manager faced in the
period before their default in 2008 (see Chapter 4).

Apart from the to-be-decided-upon risk mitigants, scenarios can serve as a simulation tool to
test the effectiveness of the chosen risk mitigation strategy. For instance, the board of the
organisation in Panel 11.2 could test its crisis plan during a simulation scenario to assess its
effectiveness. For instance, one of the findings could be that the plan lacked prepared
communication to clients. Such simulation scenarios enormously improve the chosen
decision. A simulation is also a good sanity check for whether generated ideas will work in
practice.

PANEL 11.2: RISK MITIGATION, DEFAULT AND OPT-OUT STRUCTURE

Let us assume a mid-size not-for-profit company that suffers from serious staff
shortages, with new skilled employees being hard to attract in the regional market.
This is considered the highest strategic risk of the organisation. There have been
many initiatives to hire unskilled or less-skilled employees, and to give them the
required training on the job, combined with official certificates. The company is now
running out of options to hire new staff, and the existing staff runs the risk of becoming
overloaded. The situation is increasingly urgent, but at the moment there is not much
more to be done other than hope the company will survive. The chairperson is still
very optimistic since sales are doing very well and forecasts are only increasing.
Rather than continuing with the strategy of hoping for a miracle, it is now suggested
that the board consider a crisis plan. While the company is still operating well, the
board draws a line between busy but loyal employees and overloaded employees
(risk of burnt out or leaving employees). It is decided what the maximum level of
workload and what level of staff shortages are feasible for each of the main business
lines. This essentially serves as a trigger level to set in motion the crisis plan. The
board then decides upfront which products could temporarily be suspended to avoid
too high a workload for the entire organisation.

The board decides that only a special decision by the audit and risk committee (a non-
executive director committee) could stop the crisis plan from being executed if there
were relevant circumstances that required it. This crisis plan is designed with the
purpose of not having to use it. However, it gives the board members the confidence it
would have an answer in case its highest risk does materialise. The board decides to
accept the strategic risk, but only on the condition of the crisis plan. This is essentially
an opt-out structure, as discussed earlier in this chapter.

The availability cascade is a social fallacy that is best summarised by “if repeated long
enough, something will become true”. If a board member has a strong opinion on a certain
intervention, they can easily convince colleagues through strong repetition of the opinion.
However, testing it in practice will prove or disprove the ideas before they are implemented.

The role of the risk manager during the risk mitigation process is to facilitate the decision-
making process. It is crucial to stick to the phases of the decision-making process that we
identified in Chapter 10. Therefore, the risk manager should explain the phases to the
decision-makers and guide them through the process. The more strategic the decision, the
more analysis is required to support and substantiate it. The risk manager can fulfil the role of
expert to make those analyses. During the analyses and the discussions in (and outside) the
meetings, the risk manager should point out the relevant biases to participants whenever
possible. This is one of the expert roles of the risk manager – if the discussions during
meetings seem to converge too easily and unjustifiably, the risk manager can take on the role
of countervailing power to assess the sensibility of the proposals with an independent review
(see Chapter 13 on countervailing power).

RISK MONITORING
In practice, risk monitoring boils down to reporting to the board, but what to report? Since risk
reports often include quantitative information, needless to say this data should be presented
well and understandably for the decision-maker. The halo effect is also certainly worth
mentioning: if presented well, receivers of a report are likely to value the content of that report
higher than if it were not so well-presented. Presentation matters! Equally important, is the
data in a report linked to a decision to be made? In other words, does the data link to the risk
triggers mentioned in the previous section? It is crucial for decision-makers to recognise the
decision to be made, even when a particular decision is actually already pre-made during the
policy-making phase when it was decided that certain triggers will automatically result in pre-
agreed actions, such as in a default response. Table 11.5 provides examples of human
biases that could occur.

In addition to risk reports on the actual risks, there are also risk reports highlighting the
progress update on the risk mitigation actions when they are non-standard. This is more of an
update on project deliverables rather than a quantitative/qualitative update on the underlying
risk profile. For instance, the strategic risk of employee shortage in Panel 11.2 could be
reported in terms of the actual number of vacancies or workload per employee, but also in
terms of progress of the implementation of hiring initiatives. If all risk mitigation actions are
effective and finalised, they should decrease the risk. However, in practice this might not
always be a perfect match, and therefore it is recommended the two perspectives be
combined.

Table 11.5 Biases during risk monitoring phase

Bias Example
Halo effect “This report looks a bit clumsy, so the results are probably incorrect. The risks are not so high as the report suggests.”
Overconfidence “The report shows high risk outcomes, but it will probably be okay in the end”
Analysis “Let us not draw conclusions on this risk report too hastily. What if we analyse a number of aspects in more detail? Are
paralysis we sure the report is correct?”
Group think “As the other board members are not paying attention to the risks in the report, I can therefore assume that it is not that
important after all”
Selective “I see multiple risks mentioned in the risk report. I like one section of the report best, so the other parts where high risks
perception are mentioned are probably less important.”

The role of the risk manager in this phase of the risk cycle is predominantly data gathering
and data analyst in order for the board to be properly informed. Also, the risk manager could
point out to the board the potential pitfalls in assessing the risk report.

MAKING THE MOST OF THE RISK APPETITE STATEMENT

A risk appetite statement is an important risk management instrument for boards to ensure
that the total amount of risk stays within predefined limits. Chapter 2 defined the concept of
risk appetite in general terms. In practice, risk appetite statements are often phrased in such
general terms that it is difficult to steer concrete actions or decisions. Therefore, it needs to
be very practical and serve as guidance for decision-making. The advantage of a practical
risk appetite statement is that it helps the board to consider tolerances while outside the crisis
situation.

When the risk levels are already very high, there is such urgency that a crisis committee
would do a better job than the board in its entirety. Also, the focus should be on damage
control and stopping the situation rather than thoughtfully considering the widest range of
potential actions. Nevertheless, there are quite a number of biases, as Table 11.3 showed.

Typically, risk appetite statements make use of risk tolerance levels according to a traffic-light
structure. Identifying the thresholds for the green, amber and red zones is not particularly
easy, quite the opposite. Even worse, most of the time there is no objectively determined
threshold, but rather a rule of thumb based on a common understanding. As an example, a
non-life insurer applies the (risk appetite) rule that underwriting risks should always be at
least 50% of the total risk profile (see also Chapter 2). Put differently, market risks or non-
financial risks could never exceed the underwriting risk.

Risk tolerance levels could be set in line with regulatory capital amounts, which is often the
case. This has the following drawbacks:

regulatory capital is linked to VaR; and

regulatory capital is only defined for the risk categories defined in Basel III or Solvency II, so
there is a potential to overlook important risks that do not bear a capital requirement.

By setting the thresholds, the board should be aware of overconfidence and the control
illusion: the room to manoeuvre in a crisis is usually smaller than what was perceived in
advance. In other words, the amber zone should be wide enough. In the example of the non-
life insurer with the 50% insurance risk threshold, it would be wise to set a first indicator to
measure that the non-underwriting risks approach 45% rather than 49% because they might
not be quickly steered away from the threshold.

Just when investments are getting riskier, hedging also gets more difficult or expensive. The
decision to take a risk mitigation measure when the prices of hedging have just gone up is
usually problematic: status quo bias and procrastination may loom. Therefore, it would be
better to have wider rather than tighter zones for an early warning trigger to have effect.

As defined earlier, the risk appetite should not only define the actual zones of the risk profile
but also link this to actions or decisions. A default solution with opt-out structure is the best
method.

To avoid the biases defined in Table 11.3, the board should decide upfront in what way it
wishes to intervene when risks breach the risk tolerance level. This allows for early
intervention and navigates the board around the behavioural pitfalls.

Panel 11.3 shows an example of a traffic-light structure. It shows clear trigger levels between
the three zones, and also highlights the actions to be taken in each of the three zones,
formulated in the opt-out structure as proposed earlier in this chapter.

PANEL 11.3: PENSION FUND RISK APPETITE

Pension fund XYZ manages a defined contribution pension scheme for workers in the
telecom industry. The fund has 25,000 participants and €23.8 billion of assets, with
11% surplus. The main financial risk drivers are the interest rate risk and equity risk.
The board has decided upon a risk appetite as shown in Table 11.6.
The purpose of the example in Table 11.6 is the structure of the risk appetite. One
may or may not agree with the actual policy choices, but that is part of another debate
and depends on the actual pension liabilities, among others.

Table 11.6 Pension fund XYZ: Risk appetite framework

Risk Green zone Amber zone Red zone

type
Interest Liabilities are in Mismatch is getting out of sync, but there is no Mismatch is out of sync and needs to be
rate line with policy, urgency. Situation needs to be closely restored in one quarter. Assets can be liquidated
risk meaning that monitored, but there is a one-year time horizon as soon as possible to revert to preferred 50%
duration is 50% to restore. Triggers:
1. duration hedge less than 45%; or hedge.1.Triggers:
duration hedge less than 40%; or
2. a net loss of surplus of 10% within 2. net loss of surplus of 10% within
hedged.
three months. one month.

Equity Allocation to Triggers:

1. equity allocation has used 4% of
risk equities of 35% bandwidth; regular rebalancing is
(bandwidth 5%
still possible due to stable markets;
around this
benchmark). report to investment committee; or
2. equity losses of 5% in last month,
Markets markets seem to destabilise
relatively stable.
according to leading market
indicators (set in investment policy);
prepare liquidation proposal to
investment committee, up for next
regular meeting.
Triggers:
1. bandwidth of 5% used; automatic
rebalancing at all costs within one
month; report to investment
committee; or
2. 10% equity losses in last month;
automatic liquidation of 20% stock
portfolio and exchange for safe assets
to avoid large losses in market crash;
this decision can be overruled by
crisis meeting of investment
committee.

CONCLUSION
This chapter has looked into the pitfalls that could occur in the risk management process. We
assessed each phase of the risk cycle and how behavioural biases could cause issues. For
most of the issues, awareness is the first step. In addition, organising countervailing power
and a divergent range of perspectives could be helpful. The previous chapter discussed the
decision-making process and methods to avoid social biases such as groupthink and
conformation to authority, and these methods should also be applied to the risk management
process. By way of a summary, Table 11.7 identifies a number of specific solutions to avoid
being trapped in the pitfalls during the process.

Throughout the process the role of the risk manager is to facilitate the setting in such a way
as to avoid decision-makers falling into the behavioural traps. Sometimes this requires the
risk manager to be firm and stick to the principles, such as risk limits to prevent risk-seeking
behaviour after being faced with losses, or keep inviting more people to offer more
perspectives to forestall narrow-minded thinking.

Table 11.7 Behavioural tools for the risk management process

Behavioural tools for the risk management process

Installing countervailing power to challenge perspectives
Using exploration scenarios to ensure a broad range of risks is taken into
consideration
Slowing down the decision-making process and allowing time to be critical and actively open minded, which activates System 2 thinking
and avoids some behavioural pitfalls
When measuring the risk with VaR, ensuring robustness testing for critical parameters and assumptions at the same time when the initial
VaR outcome is presented; this could help to “de-anchor” the measurement
Combining quantitative (VaR) risk measurement with qualitative aspects to enrich the picture
Pre-mortem as a tool to assess weaknesses of a proposal for risk mitigation
Implementing a risk appetite with multiple triggers, structured with a default solution with opt-out possibilities; then, stick to the risk appetite
Applying simulation scenarios to assess the robustness of current risk mitigation policies and procedures.
Special care is needed when the risk response is to “accept” a risk; if a risk is accepted, a set of triggers (linked to the risk appetite) can be
useful to avoid losses escalating if a certain risk materialises. In this case, the triggers should be tested by using simulation scenarios.

During many of the phases, the risk manager is both the facilitator of the risk process and the
expert providing countervailing power or content expertise. This is a role that may be difficult
to combine. When these roles conflict, the risk manager should consider finding another
person to assist with one of the roles. This allows for a focused approach, and ensures role
consistency throughout the risk management process.

prev chapter next chapter

Contents

Preface

1. An Introduction to Behavioural Risk Management

2. Risk Management Context

3. Value-at-Risk as the Dominant Risk Management Tool in the Financial Industry

4. Case Studies on Risk Management Failure

5. The Role of Regulation in Risk Management

6. Advances in Behavioural Economics and Finance

7. Behavioural Issues with Probability

8. Systems Theory

9. Using Scenarios

10. Making Robust Decisions

11. Advances in the Risk Management Process

12. Behavioural Risk Management in the Financial Markets

13. Countervailing Power

14. Behavioural Risk Management: Closing Thoughts

Appendix: Selective list of Behavioural Biases

Bibliography

RECOMMENDED BOOKS

The RMB Risk Model Operational Risk Behavioural Risk Navigating Internal Models Systematic Collateral Markets Inflation-Sensitive
Handbook: Validation (3rd Capital Models Management European Energy and Solvency II Trading in Energy and Financial Assets
Trading, Investing edition) (2nd edition) and Commodity Markets Plumbing (3rd
and Hedging Markets Edition)
Regulation
About us Contact us Advertising Help Centre Terms and conditions Privacy policy

California Privacy Rights – Do not sell my information

© Infopro Digital Risk (IP) Limited (2020). All rights reserved. Published by Infopro Digital Services Limited, 133
Houndsditch, London, EC3A 7BX. Companies are registered in England and Wales with company registration
numbers 09232733 & 04699701. Best Digital B2B Publishing Company