Foundations of Risk Management Chapter 1 Summary

Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
P1.T1. Foundations of Risk

Chapter 1. The Building Blocks of Risk Management
Bionic Turtle FRM Study Notes

EXPLAIN THE CONCEPT OF RISK AND COMPARE RISK MANAGEMENT WITH RISK TAKING.................. 3
EVALUATE, COMPARE, AND APPLY TOOLS AND PROCEDURES USED TO MEASURE AND MANAGE RISK,
INCLUDING QUANTITATIVE MEASURES, QUALITATIVE RISK ASSESSMENT TECHNIQUES, AND
ENTERPRISE RISK MANAGEMENT. .............................................................................................. 5
DISTINGUISH BETWEEN EXPECTED LOSS AND UNEXPECTED LOSS AND PROVIDE EXAMPLES OF
EACH....................................................................................................................................... 8
INTERPRET THE RELATIONSHIP BETWEEN RISK AND REWARD AND EXPLAIN HOW CONFLICTS OF
INTEREST CAN IMPACT RISK MANAGEMENT. ................................................................................ 8
DESCRIBE AND DIFFERENTIATE BETWEEN THE KEY CLASSES OF RISKS, EXPLAIN HOW EACH TYPE OF
RISK CAN ARISE, AND ASSESS THE POTENTIAL IMPACT OF EACH TYPE OF RISK ON AN
ORGANIZATION. ........................................................................................................................ 9
EXPLAIN HOW RISK FACTORS CAN INTERACT WITH EACH OTHER AND DESCRIBE CHALLENGES IN
AGGREGATING RISK EXPOSURES. .............................................................................................16
Optional Appendix: This learning objective was removed from the curriculum in 2021.
We’ve placed it in this appendix for optional reading.
DESCRIBE ELEMENTS, OR BUILDING BLOCKS, OF THE RISK MANAGEMENT PROCESS AND IDENTIFY
PROBLEMS AND CHALLENGES THAT CAN ARISE IN THE RISK MANAGEMENT PROCESS....................17
2

 Explain the concept of risk and compare risk management with risk taking.
 Evaluate, compare, and apply tools and procedures used to measure and manage
risk, including quantitative measures, qualitative risk assessment techniques, and
enterprise risk management.
 Distinguish between expected loss and unexpected loss and provide examples of
each.
 Interpret the relationship between risk and reward.
 Describe and differentiate between the key classes of risks, explain how each type of
risk can arise, and assess the potential impact of each type of risk on an organization.
 Explain how risk factors can interact with each other and describe challenges in
aggregating risk exposures.
Explain the concept of risk and compare risk management with risk
taking.
We can refer to risk generally as variability or—in the case of financial risk specifically—we can
refer to risk as volatility:
 Risk is the variability of adverse outcomes that are unexpected (general)
 Financial risk is volatility (volatility as a special case of variability) of unexpected losses
Key aspects of this definition

 Risk is not expected loss
 Risk is the potential for unexpected loss. Further, greater variability (or uncertainty) in
these unexpected losses is a greater risk.
 Some authors distinguish between uncertainty and risk, where risk is quantifiable
uncertainty. Not all FRM authors require this distinction. For some, even when
uncertainty has not been quantified—or has yet to be quantified—the uncertainty still
qualifies as “risk.” This should be intuitive: unquantified risks can pose the greatest
catastrophic threats
Technically (in insurance terms), risk is neither peril nor hazard:

 A peril is the cause of a loss
 A hazard increases the probability (and/or frequency and/or severity) of a loss
 A risk is the variability of an unexpected loss or adverse outcome (for our purposes)
3
Risk is not identical to the magnitude of a loss.

 Some costs, such as housing or education, are large but predictable. Because they are
predictable, they are not a genuine risk. Risk excludes expected losses.
 Risk refers to the variability or dispersion of losses. For example, a sudden and
unpredicted cost is a manifestation of risk.
While everybody has an intuition about risk, a formal treatment of risk requires statistics
 For example, we might assign probabilities to different future scenarios. Then we can
calculate a standard deviation, which is a way to measure the risk.
 Probably the most essential component of this formal treatment of risk is the use of
probability distribution: a probability distribution quantifies risk.
 A probability distribution enables us to quantify value-at-risk (VaR) and unexpected loss
(UL) because every probability distribution contains a loss quantile associated with a
confidence level.
For example, if a standard normal distribution characterizes our loss distribution, then
the 95th percentile (aka, 0.95 or 0.050 quantile) lies at -1.645 or +1.645, depending on
our format is P(+)/L(-) or L(+)/P(-);, i.e., depending on whether losses are mathematically
assigned positive values for the sake of convenience. In the case of a 95.0% confidence
level, because we only care about the loss side of the distribution, we can refer to this as
either the 0.050 or 0.950 quantile, given we realize that the format can be either P(+)/L(-)
or L(+)/P(-).
Knightian uncertainty illustrates the distinction between uncertainty and risk. Knightian
uncertainty “is a lack of any quantifiable knowledge about some possible occurrence, as
opposed to the presence of quantifiable risk”1 In this way, the difference between uncertainty
and risk is our ability (or attempt) to quantity. Similarly, much of what is called “risk” is the
identification and specification of a probability distribution; for this reason, probability
distributions are key ingredients in risk!
The definitions of value-at-risk (VaR) and economic capital (EC) depend on the definition
of unexpected loss (UL)
 VaR is the worst expected loss associated with some confidence level (typically 95%
or 99%) over some horizon (e.g., one day, three months, one year). VaR requires a
confidence level and a time horizon, such that many VaRs are possible.
For example, we might say that our options position has a one-day VaR of $1.0 million at
the 99.0% confidence level, meaning that our risk analysis shows that there is only a
1.0% probability of a loss that is greater than $1.0 million on any given trading day.2
 Economic capital is the risk capital employed by the firm to absorb unexpected losses
(UL) such that we can typically define economic capital as a multiple of UL, even if the
multiple is simply 1.0.
1 See https://en.wikipedia.org/wiki/Knightian_uncertainty
2 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
4
Evaluate, compare, and apply tools and procedures used to measure

and manage risk, including quantitative measures, qualitative risk
assessment techniques, and enterprise risk management.
Qualitative measures and the drawbacks of naming (and categorizing) risks
We can parse portfolio risk according to the type of risk. These are the three major
broad risk categories that are controllable and manageable:
1. Market risk is the changes in market risk factors that tend to be general in nature. The
most common include interest rates, foreign exchange rates, and asset (e.g., equity or
commodity) price factors.
2. Credit risk refers to default, credit deterioration, adverse migration, or rating
deterioration (e.g., downgrade from investment to speculative-grade)
3. Operational risk most often refers to Basel’s definition: “the risk of loss resulting from
inadequate or failed processes, people and systems or from external events.”3 This is
not the only definition, especially because the boundaries of operational risk are less
discrete than market or credit risk. Because operational risk often interacts with other
risk types, it is the hardest to define and has no single agreed-upon definition. Famously,
this regular definition of operational risk excludes strategic and reputational risk but
does include legal risk.
Classification schemes are valuable but also dangerous.

 We need to name (aka, give a label) a risk to measure and manage the risk. As soon as
we name a risk, we typically assign the risk to a category.
 But categories are not necessarily exhaustive. We may deceive ourselves into thinking
that we have mapped all important risks simply because we can assign our risks to a
category. However, our categories may contain gaps.
For example, a sharp peak in market prices will create a market risk for an institution.
Yet, the real threat might be that a counterparty to the bank that is also affected by the
spike in market prices will default (credit risk) or that some weakness in the bank’s
systems will be exposed by high trading volumes (operational risk).4
 Categories may encourage so-called silos of expertise. These silos are redolent of and
may reflect organizational silos. While this silo orientation may be efficient with respect
to the specific risk, it may neglect emergent issues and properties that are relevant to the
overall organization.
3 Principles for the Sound Management of Operational Risk https://www.bis.org/publ/bcbs195.pdf

5
There is an important trend toward enterprise-wide risk management (ERM)

 ERM is a holistic approach that aims to overcome the limitations of organizational silos
 ERM incorporates risk into business decisions rather than isolating risk or treating risk
measures as separate add-ons
 ERM has a top-down orientation or at least incorporates a top-down perspective: the
board of directors defines a risk appetite and defines risk limits (for example), which may
“cascade down” into the organization. In this way, business units (or divisions) are not
isolated from the overall firm’s needs.
 ERM employs innovative methods and tools. These may include methods from other
disciplines, experimental methods, and new technologies (e.g., cloud/ERP platforms).
 ERM blends with capital management tools because risk influences capital allocation
decisions. This is increasingly a trend.
 ERM morphs traditional tools into new tools. For example, VaR was developed for
market risk, but under the ERM umbrella, VaR and economic capital are used to
aggregate risk horizontally (e.g., across risk types) and vertically in the organization. As
another example, scenario analysis is employed with software to illustrate more
sophisticated multivariate macroeconomic scenarios.
Quantitative Measures
Risk measurement requires assigning numbers to classified risks.
 Absolute (aka, ratio or interval) values enable carefully weighed decisions, but even
categorical rankings (aka, ordinal values) enable useful comparisons.
 The mere assignment of a numerical value does not render the value necessarily useful!
Only some numbers are effectively useful in comparison.
For example, using the face value or “notional amount” of a bond to indicate the risk of a
bond is a flawed approach. A million-dollar position in a par value 10-year Treasury bond
does not represent at all the same amount of risk as a million-dollar position in a 4-year
par value Treasury bond.5
 VaR is perhaps the most prominent “sophisticated” risk measure
o Because VaR is just a statistical quantile, it can be used for comparisons.
o VaR works better in practice under so-called “normal” conditions. If markets are
abnormal (e.g., regime-changing), VaR is less effective. Most notably (and a key
lesson from the GFC), VaR requires adjustment when markets are illiquid.
o VaR favors short horizons: one-day VaR is likely more accurate than one-year VaR.
o VaR requires a robust control environment: VaR may be a risk measure, but it
requires a risk management context.
6
GARP’s ten risk management building blocks

GARP6 focuses on the following ten “building blocks” of risk management:
1. The risk typology

2. The process of risk management. For example, in an organization, this necessarily
involves governance (roles and responsibilities).
3. Discerning known versus unknown risk. Risk is measurable (aka, risk proper) and
includes expected/unexpected losses (EL & UL). Knightian uncertainty includes “known
unknowns,”; aka unmeasurable uncertainty. Finally, there exist the “unknown
unknowns.” GARP asserts that risk managers must be looking for these unknown
unknowns.
4. Quantitative risk metrics, including expected loss (EL), unexpected loss (UL), and
measures of tail loss, in particular, expected shortfall (ES)
5. The identification (breakdown) of risk factors and the interaction between risk factors
6. Aware of complex systems and structural change (“from tail risk to systemic crisis”).
7. Human agency and conflicts of interest. This is why many first employ the “three lines of
defense:” Business line (first), risk managers with oversight (second), and period
independent review or audit (third line)
8. Risk aggregation. Economic capital (EC) is a popular approach to aggregation.
9. Balancing risk and reward (see RAROC below)
10. Enterprise risk management (ERM) is the focus of Chapter P1.T1.Chapter 8.
Risk-adjusted return on capital (RAROC)

Most practitioners are at least familiar with risk metrics such as value or risk (VaR) or even
expected shortfall (ES). Additionally, financial analysts are proficient in return-type metrics such
as return on equity (ROE) or earning per share (EPS). Similarly, most systems are able to
analyze profitability by group or product line. But a more sophisticated approach is to link risk
and reward (aka, return) into a single measure, such as risk-adjusted return on capital
(RAROC). In its general form, RAROC is given by:
After-tax net risk-adjusted expected return ÷ Economic capital (EC)
In this way, economic capital is a fully loaded measure of risk that includes both expected loss
(EL) and unexpected loss (UL). RAROC is theoretically superior to older methods (e.g., IRR or
NPV) because it explicates the risk of the project (although NPV can attempt to do this via
calibration of the discount rate). If the RAROC exceeds the cost of equity, the project is
desirable.7
However, there are two disadvantages of RAROC: lack of a uniform (or regulatory) definition
and implementation difficulty. Says GARP about RAROC, “There are many variants on the
RAROC formula, applied across many different industries and institutions. Their level of
sophistication varies but all have the same purpose: to adjust performance for risk … There are
many practical difficulties in applying RAROC, including its dependence on the underlying risk
calculations. Managers of business divisions often dispute the validity of RAROC numbers,
sometimes for self-interested reasons.” 6
6 Education, Pearson. Foundations of Risk Management. Pearson Learning Solutions, 2020. VitalBook file.
7 Please be aware of a theoretical improvement to RAROC called adjusted RAROC (i.e., ARAROC) that is introduced
in FRM Part 2 but outside our current scope.
7
Distinguish between expected loss and unexpected loss and provide

examples of each.
Expected loss is typically the weighted average (aka, mean) loss. For example, if a bond’s face
value is $1,000 and its default probability is 2.0% with no expectation of recovery, the expected
loss is $1,000 × 2.0% = $20.00. Note this is the expected loss (EL) even though the actual loss
is likely to be either zero or $1,000; i.e., the expected loss is not necessarily itself an outcome.
Expected loss is generally treated as a “cost of doing business” and consequently is often built
into the pricing of a product.
As a portfolio increases in size and gains diversification, the actual losses incurred should
converge on the expected loss. The more granular (aka, less lumpy) is the credit portfolio, the
more the actual losses should converge on the expected loss.
The unexpected loss (UL) is the standard deviation of around (or about) the expected loss; UL
refers to the dispersion of expected losses. In credit risk, unexpected loss is given by:
= $ =
Interpret the relationship between risk and reward and explain how
conflicts of interest can impact risk management.
The relationship between risk and reward
The traditional view is that higher risk implies a higher return, but this is not always observed:
sometimes less risky assets counterintuitively exhibit higher returns! Firstly, we need sufficiently
efficient markets to infer implied risk premiums; inefficient markets cloud the relationship, as the
impact of illiquidity is variant to many conditions. Complications include:
 Bond markets: bond prices often indicate relative risk; however, technical factors
(especially liquidity and tax effects) add confusing signals.
 The traditional risk-reward relationship is especially distorted in the absence of traded
instruments: trading enables price discovery.
Investor appetite for risk varies over time. That was the case during the period from
early 2005 to mid-2007, until the eruption of the subprime crisis. With the eruption of the
crisis, credit spreads moved up dramatically and reached a peak following the collapse
of Lehman Brothers in September 2008.8
Conflicts of interest
Compensation incentive programs can distort the risk-reward relationship. The notorious
example, written in countless case studies, is the annual bonus. The firm pays such bonuses for
recent performance, but the risks incurred might have been delayed into future years.
8
Describe and differentiate between the key classes of risks, explain

how each type of risk can arise, and assess the potential impact of
each type of risk on an organization.
We can group risk factors together into the following categories:9
 Market risk  Legal and regulatory risk

 Credit risk  Business risk
 Liquidity risk  Strategic risk
 Operational risk  Reputation risk
These categories can be broken down into more specific categories, as shown below. Please
note that market risk and credit risk are referred to as financial risks.
FIGURE 1A-2 Schematic Presentation, by Categories, of Financial Risks9
General market
risk
Equity Price Risk
Trading Risk
Market Risk Interest Rate Risk
Specific risk
Gap Risk
Foreign Exchange
Risk
Commodity Price
Risk
Financial Risks
Transaction risk Issue Risk
Credit Risk
Porfolio concentration Issuer Risk
Counterparty
credit risk
9
Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
9
Risk Typology
Market Risk
Market risk may reduce a position’s (i.e., security or portfolio) value due to a change in financial
market variables, especially prices or interest rates. Market risk includes equity price risk,
interest rate risk, foreign exchange risk, and commodity price risk.
 Price risk parses into a general market risk component and a specific
market risk component.
 Market risk specifically depends on the context. For example,
In the case of a fund, the fund may be marketed as tracking a specific benchmark. Here,
market risk is important to the extent that it creates a risk of tracking error.10
Basis risk is a type of market risk that cannot be avoided when a position is hedged, as it refers
to unanticipated changes in the basis (the price difference between the exposure and the
hedge) that render the hedge imperfect.
The Four Types of Market Risk

1. Interest rate risk
2. Equity price risk
3. Foreign exchange risk
4. Commodity price risk.
Interest Rate Risk

Interest rate risk includes trading risk and gap risk; gap risk is when the firm’s balance sheet is
adversely impacted by sensitivities of its assets and liabilities to interest rate movements. The
most obvious interest rate risk is the drop in a bond’s price (and therefore the value in a long
bond position) when interest rates increase.
Curve risk is when the fixed income is hedged against parallel shifts in the yield curve (e.g.,
duration or DV01 hedged) but are exposed to non-parallel shifts such as twists or
steepening/flattening.
Equity Price Risk

Equity price risk is primarily stock price volatility, and it includes:
 General market risk: sensitivity to a change in the level of broad market indices
 Specific (aka, idiosyncratic) risk: determined by features specific to the firm. Specific risk
includes management quality and (typically) operational risk events
An important portfolio theory concept is that diversification eventually eliminates specific risk,
but general (aka systematic) risk cannot be eliminated via diversification.
10 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
10
Foreign Exchange Risk

Foreign exchange (FX) risk occurs from positions in foreign currency denominated assets and
liabilities.
 FX risk is often natural (due to business operations) rather than a function of FX trades.
 FX volatility can swiftly erode cross-border investments
 The major drivers of FX risk are correlations between currency prices and volatility in
country (foreign) interest rates.
Commodity Price Risk

Commodity price risk is distinct because it is especially vulnerable to suppliers, as in supply and
demand. Many commodity markets feature concentrated supply, i.e., fewer numbers of larger
suppliers.
 Additionally, commodity prices are responsive to fundamentals, especially storage costs
but also the convenience yield. These are factors in the cost of carry model.
 Although commodities can be classified in various ways (e.g., hard versus perishable), in
regard to valuation and risk, our primary distinction is between consumption
commodities (e.g., corn) versus investment commodities (e.g., S&P 500 Index).
Credit Risk
Credit risk is the possibility of financial loss due to counterparty default or credit deterioration,
which is an increase in the probability of default. In this way, under credit risk, we include
default, deterioration, downgrade (aka, adverse migration).
The Four Types of Credit Risk

1. Default risk is an incapacity (or refusal) to make a payment obligation within the grace
(or relief) period.
2. Bankruptcy risk is the transfer of the collateralized assets of a defaulted borrower or
counterparty.
3. Downgrade risk is the risk of credit deterioration, which happens to be formalized in a
credit rating change. Deterioration may not result in a downgrade but will typically be
reflected in an increase in the credit spread.
4. Settlement risk is the risk due to the short-term exchange of cash flows when settling a
transaction. This risk is most acute in the case of foreign exchange transfers because (i)
notional amounts are exchanged and (ii) different time zones are spanned.
11
The CDS market has struggled to define the kind of credit event that should trigger a payout
under a credit derivatives contract. Major credit events, as formalized by the International
Swaps and Derivatives Association (ISDA), include:11
 Bankruptcy, insolvency, or payment default
 Obligation/ cross-default, which means the occurrence of a default (other than failure to
make a payment) on any other similar obligation
 Obligation acceleration, which refers to the situation in which debt becomes due and
repayable prior to maturity (subject to a materiality threshold of $ 10 million, unless
otherwise stated)
 Stipulated fall in the price of the underlying asset
 Downgrade in the rating of the issuer of the underlying asset
 Restructuring (this is probably the most controversial credit event)
 Repudiation/ moratorium, which can occur in two situations: First, the reference entity
(the obligor of the underlying bond or loan issue) refuses to honor its obligations.
Second, a company could be prevented from making a payment because of a sovereign
debt moratorium (e.g., the City of Moscow in 1998).
The following are fundamental terms in credit risk:

 An asset has credit risk when it is in a position with positive replacement value.
 An exposure, or exposure at default (EAD), has two components in the future at the time
of default: the portion that is eventually recovered and the portion that is unrecovered
(aka, lost). Recovery value is often expressed as recovery rate. The percentage lost is
called the loss given default (LGD). These components sum to 1.0 or 100%. For
example, a 35.0% recovery rate implies a 1 – 35.0% or 65.0% LGD.
 Current exposure is approximated by, or synonymous with, current replacement value.
However, firms must also look forward in time to specify the distribution of potential
future exposures.
2014)
12
Credit Risk at the Portfolio Level

Three factors influence portfolio credit risk:
1. Credit quality of the obligors: This factor must be addressed by the level of the
interest rate charge, which must be high enough in order to cover the cost of expected
losses.
2. Concentration risk: This can be industry, sector, or geographical concentration. In
general, this risk is addressed by limits.
3. The overall economy (aka, macroeconomic conditions): Defaults have a marketed
tendency to increase (or even spike) during economic downturns and to decrease during
economic expansions.
Liquidity Risk
Liquidity risk refers to either funding liquidity risk or trading liquidity risk, although they can
interact (including in a downward spiral).
 Funding liquidity risk is the firm’s ability to raise cash and/or refinance (including roll-
over) debt in order to meet liquidity needs. Quantification of this risk is often difficult.
 Trading liquidity risk (aka, liquidity risk) is the risk that a position cannot be exited at
the prevailing market price. There is grave liquidity risk if a so-called fire sale is required.
Operational Risk
Operational risk refers to potential losses resulting from a range of operational weaknesses,
including inadequate systems, management failure, faulty controls, fraud, and human errors (in
the financial services, operational risk often also includes natural or man-made catastrophes).
 Derivatives are prone to operational risk and require tight controls. Derivative trades are
leveraged (by definition) and therefore more prone to operational risk than cash
transactions. Complex derivatives further require sophisticated valuation, which is an
operational risk (i.e., model risk). The recent history of notable (and/or large) derivative
trading losses that are “case studies” are disproportionally the consequence of
operational failures.
 Operational risk includes human factor risk (aka, human or pilot error), e.g., data mis-
entry, inadvertent file destruction.
 Operational risk also includes technology risk and fraud
13
Legal and Regulatory Risk

Legal and regulatory risk is included as an operational risk.
 For example, a counterparty might lack the legal or regulatory authority to engage in a
risky transaction. Legal and regulatory risks are classified as operational risks under
Basel II Capital Accord.12
 In the derivative markets, legal risks might only manifest when money is lost on a
transaction and the investor files a lawsuit.
 Regulatory risk includes an unanticipated change in the law, e.g., tax law change
impacts the value of a position.
For example, when the British government changed the tax code to remove a specific
tax benefit during the summer of 1997, one major investment bank suffered huge
losses.12
Business Risk
Business risk is the fundamental risk inherent in the conduct of business; it is an umbrella that
includes risks generally encouraged by investors (who are not seeking to eliminate risk as they
have safer alternatives). Business risk includes the costs of doing business, pricing dynamics,
and demand changes in the demand (for product) curve.
 Managing business risk, including making strategic decisions, is the primary job of
management
 The Basel II Accord excludes business risk from the definition of operational risk,
although many believe it is more impactful on bank revenue than the operational
event/failure risks that regulators do include within bank minimum capital requirements.12
 Business risk is also known as business/strategic/reputation risk.
Strategic Risk
Strategic risk is the risk that the firm’s strategy is sub-optimal, flawed, or worse; it concerns the
choice of customers and markets in the context of a competitive landscape. A good framework
for analyzing strategy risk is Porter’s five forces13. This Porter framework evaluates strategy in
the context of five forces – the threat of new entrants, threat of substitutes, bargaining power of
customers, bargaining power of supplier, and intensity of competitive rivalry.
2014)
13 See https://en.wikipedia.org/wiki/Porter's_five_forces_analysis
14
Reputation Risk
Reputation risk parses into two primary classes14:
1. The belief an organization will honor its promises to counterparties and creditors.
2. The belief an organization is an ethical and fair dealer.
Reputation risk is a rising concern due to the rapid growth of social networks such as Facebook
and LinkedIn: bad news about a firm, or rumors, can “go viral.”
Reputation risk is especially important to financial institutions because they require the
confidence of their constituents, including customers, creditors, and regulators. Banks are
further under pressure to demonstrate their commitment to environmental, social, and corporate
governance (ESG) principles.
 As a defensive mechanism, ten international banks from seven countries announced in
June 2003 the adoption of the “Equator Principles,” a voluntary set of guidelines
developed by the banks for managing social and environmental issues related to the
financing of projects in emerging countries.
The Equator Principles are based on the policy and guidelines of the World Bank and
International Finance Corporation (IFC) and require the borrower to conduct an
environmental assessment for high-risk projects to address issues such as sustainable
development and use of renewable natural resources, human health, pollution
prevention, and waste minimization, and socioeconomic impact.14
Systemic Risk (is any threat to financial stability)

Systemic risk is the potential for a domino-like chain reaction that ripples from firm to firm across
the financial system. In short, systemic risk is any threat to financial stability.
 The trigger (for systemic risk) might be losses at an individual firm. But perception, loss
of confidence, and uncertainty then quickly become the problem. Participants panic and
seek a “flight to quality.” Contagious reactions then propagate dislocation into otherwise
calm markets with “knock-on” effects.
 The ensuing downward spiral: panic triggers margin and collateral calls as asset prices
fall. In order to meet these calls, counterparties must step up their selling, which further
depresses prices.
 The failures and near-failures of Bear Stearns, Lehman Brothers, and AIG during the
financial crisis of 2007–2009 all contributed to systemic risk by creating massive
uncertainty about which of the key interconnections would transmit default risk.14
 The Dodd-Frank Act established a Financial Stability Oversight Council (FSOC) whose
job is to identify systemic risks. In 2018, The President signed a partial repeal.
2014)
15
Explain how risk factors can interact with each other and describe
challenges in aggregating risk exposures.
The job of risk managers includes analyzing (breaking down, deconstructing) risk factors into
their fundamental drivers. Often, this involves layers of analysis─larger factors are
deconstructed into their smaller determinants or sub-factors. Ideally, the risk manager wants to
identify and understand all significant and relevant risk factors and their sub-factors.
To score the risk factor, the risk manager wants to look for its sub-factors. For example, cyber
risk is a broad umbrella that must be defined by its components.
Historically, the limitation was data availability. However, big data (accompanied by machine
learning) enables profound analysis granularity. It is reasonable to expect that an implication of
data science is that risk managers will discover new risk factors; at a minimum, the granularity
of the risk typology will be increased.
16
Optional Appendix: This learning objective was removed from the

curriculum in 2021. We’ve placed it in this appendix for optional
reading.
Describe elements, or building blocks, of the risk management

process and identify problems and challenges that can arise in the
risk management process.
There are ten building blocks in risk management:15
3. The risk management process
4. Identifying risk: knowns and unknowns
5. Expected loss, unexpected loss, and tail loss
6. Risk factor breakdown
7. Structural change: from tail risk to systematic crisis
8. Human agency and conflicts of interest
9. Typology of risks and risk interactions
10. Risk aggregation
11. Balancing risk and reward
12. Enterprise risk management (ERM)
15 2020 FRM Part I: Foundations of Risk Management, 10th Edition. Pearson Learning Solutions
17
Figure 1.1 - The Risk Management Process16

Risk management concerns the firm’s selection of
its appropriate type(s) and level(s) of risk. Most
business decisions involve a sacrifice of current
resources for uncertain future returns. In this way,
risk management and risk-taking aren’t opposites
but two sides of the same coin. At the core of the
management process is the capacity to make
forward-looking choices about risk in relation to
reward and to evaluate performance.
The type of risk can be more important than (or at

least as important as) the magnitude of risk. This
perspective tends to vary by industry.
Manufacturers might tolerate operational risk but
worry more about credit risk. Investors are a classic
in this regard: they tend to overlook certain risks but
punish a company for losses that manifest risk
types that signal deeper concerns.
Risk management generally involves four basic

choices by the firm’s managers:
 Avoid Risk: This is the simplest choice. For
example, the firm may decide to avoid risk
by exiting or selling a business.
 Retain Risk: It is important to recognize that
all risks are not meant to be avoided or
minimized. The firm’s risk appetite implies that some risks should be retained. Investors
expect the firm to assume risks, as they have risk-free alternatives!
 Mitigate Risk: A key function of risk management is to mitigate risk. This is the classic
function of a hedge. The risk is retained but also reduced. There is an entire category of
credit risk mitigation (CRM) techniques, including, for example, the use of collateral.
 Transfer Risk: Derivatives are the most common method of transferring risk. For
example, the buyer of a credit default swap (CDS) transfers credit risk to the seller. One
of the counterparties in an interest rate swap transfers market risk (specifically, interest
rate risk) to the other counterparty.
2014)
18
Three examples of specific challenges that arise in risk management include:

1. Unexpected loss variability
2. Correlation risk
3. Lessons from the 2007-2008 global financial crisis (GFC)
Challenge: To manage unexpected levels of variability
The firm depends on risk management to manage unexpected loss variability. But such
variability is better managed if the firm has measured its exposures with some level(s) of
confidence. By measuring its exposure to variability, the firm can allocate capital buffers (in
addition to other techniques) and, additionally, can communicate to stakeholders.
Challenge: To anticipate and manage correlation risk
A typical example of correlation risk is a credit portfolio (e.g., portfolio of bonds) that features a
default correlation between credits in the portfolio. Or similarly, a pairwise correlation matrix
characterizes the correlation between asset returns in an equity portfolio. Because correlation is
a statistical measure between two variables, correlation risk refers to a broad array of risks.
 The classic and basic formula in credit risk is EL = EAD × PD × LGD, where EL refers to
expected loss, EAD refers to exposure at default, PD refers to default probability, and
LGD refers to loss given default. It is common to assume independence among these
variables. However, it may not be realistic! For example, a higher PD might be
associated with a higher LGD (or, equivalently, a lower recovery rate).
 In general, unexpected loss increases with higher default correlation. To the extent we
are measuring (or concerned with) unexpected losses, correlations among risk factors
will tend to increase the unexpected loss. Therefore, if we omit relevant correlation(s)
between or among risk factors, we are likely to understate the unexpected loss.
Expected loss is a statistical mean and likely will be unaffected by correlation, but
unexpected loss is a function of (multiple of) the standard deviation such that it will be
influenced by correlations.
Challenge: Lessons of the 2007-2008 global financial crisis (GFC)

 Prior to the GFC, the overwhelming favorite approach to measuring risk was the
historical-statistical approach (it may still be the most common). As an umbrella term,
this refers to using a historical sample to inform a parameter. For example, to compute
the standard deviation of the last 250 trading days and to employ the result in a model
that requires a volatility parameter.
 The GFC, among other consequences, exposed the weaknesses of too heavy a reliance
on historical-statistical approaches. In its place, or at least as a more common
supplement, risk managers now emphasize scenario analysis and stress testing. The
key difference is that scenario analysis and stress testing are not limited by history in
parameter selection. In fact, they require subjective judgment and even imagination.
19
The Role of the Risk Manager (RM)
The Risk Manager (RM) cannot predict the future. Rather, the RM should identify each of the
firm’s risks, attempt to put them in context (e.g., relevance), quantify them where appropriate
(i.e., characterize with distributions), and importantly, communicate them to stakeholders. The
communication step is critical. If executives and the Board do not understand key risks, they
cannot decide or act on such risks, even if those risks are well-quantified within the risk function.
 For example, the risk manager’s role is not to produce a point estimate of the U.S.
dollar/euro exchange rate at the end of the year; but to produce a distribution estimate of
the potential exchange rate at year-end and explain what this might mean for the firm
(given its financial positions). These distribution estimates can then be used to help
make risk management decisions and also to produce risk-adjusted metrics such as risk-
adjusted return on capital (RAROC).17
The RM’s role is not merely defensive. To compete, firms need to balance risk and
reward. Proper risk management “has a seat at the executive table” as a strategic ally in
the firm’s long-term goals. Elements of the role include:
 Implement policies and develop methodologies
 Ensure infrastructure (e.g., technology) exists to track and report relevant metrics
 Distinguish among obstacles that are technical, organizational, and/or political
 Define the reporting lines of risk managers
 Facilitate a balance in the relationship between business (unit) leaders and staff risk
managers. There must be separate, but they cannot be too detached.
The RM should seek to understand his/her role as a professional in the community of

stakeholders. The professional imperative implies the RM is at least curious about best
practices, and ideally, may even seek to contribute to the profession’s development.
Questions include:
 Who explicitly and implicitly oversees the risk manager? For example, regulators.
 What is the ideal and/or evolving relationship with the audit function?
 What is the true nature of the firm’s risk culture? For that matter, where are the
disconnects between documentation (or literal definitions) and the actual artifacts that
define a culture? This is a difficult job that is very different than running numbers in a
spreadsheet!
2014)
20
The Ups and Downs (“bumpy road”) in Risk Management18

Ups
 Dramatic explosion in the adoption of sophisticated risk management processes, driven
by an expanding skill base and falling cost of risk technologies
 Increase in the skill levels and associated compensation of risk management personnel
as sophisticated risk techniques have been adopted to measure risk exposures •
 Birth of new risk management markets (e.g., credit, commodities, weather derivatives),
representing highly innovative and potentially lucrative financial markets
 Birth of global risk management industry associations as well as a dramatic rise in the
number of global risk management personnel
 Extension of the risk measurement frontier out from traditional measured risks such as
market risk toward credit and operational risks
 Cross fertilization of risk management techniques across diverse industries from banking
to insurance, energy, chemicals, and aerospace
 Ascent of risk managers in the corporate hierarchy to become chief risk officers, to
become members of the top executive team (e.g., part of the management committee),
and to report to both the CEO and the board of the company
Downs
 The financial crisis of 2007– 2009 revealed significant weaknesses in managing
systemic and cyclical risks.
 Firms have been tempted to over-rely on historical-statistical measures of risk— a
weakness that improved stress testing seeks to address.
 Risk managers continue to find it a challenge to balance their fiduciary responsibilities
against the cost of offending powerful business heads.
 Risk managers do not generate revenue and therefore have not yet achieved the same
status as the heads of successful revenue-generating businesses.
 It’s proving difficult to make truly unified measurements of different kinds of risk and to
understand the destructive power of risk interactions (e.g., credit and liquidity risk).
 Quantifying risk exposure for the whole organization can be hugely complicated and may
descend into a “box ticking” exercise.
The growing power of risk managers could be a negative force in business if risk management
is interpreted as risk avoidance; it’s possible to be too risk-averse.
18 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Edition (New York:
McGraw-Hill, 2014)
21

Foundations of Risk Management Chapter 1 Summary

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Foundations of Risk Management Chapter 1 Summary

Uploaded by

Copyright:

Available Formats

Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.

P1.T1. Foundations of Risk

Chapter 1. The Building Blocks of Risk Management

Chapter 1. The Building Blocks of Risk Management

 Interpret the relationship between risk and reward.

Key aspects of this definition

Technically (in insurance terms), risk is neither peril nor hazard:

Risk is not identical to the magnitude of a loss.

Evaluate, compare, and apply tools and procedures used to measure

Classification schemes are valuable but also dangerous.

3 Principles for the Sound Management of Operational Risk https://www.bis.org/publ/bcbs195.pdf

There is an important trend toward enterprise-wide risk management (ERM)

GARP’s ten risk management building blocks

1. The risk typology

Risk-adjusted return on capital (RAROC)

After-tax net risk-adjusted expected return ÷ Economic capital (EC)

Distinguish between expected loss and unexpected loss and provide

Describe and differentiate between the key classes of risks, explain

 Market risk  Legal and regulatory risk

FIGURE 1A-2 Schematic Presentation, by Categories, of Financial Risks9

Transaction risk Issue Risk

The Four Types of Market Risk

Interest Rate Risk

Equity Price Risk

Foreign Exchange Risk

Commodity Price Risk

The Four Types of Credit Risk

The following are fundamental terms in credit risk:

Credit Risk at the Portfolio Level

Legal and Regulatory Risk

Systemic Risk (is any threat to financial stability)

Optional Appendix: This learning objective was removed from the

Describe elements, or building blocks, of the risk management

Figure 1.1 - The Risk Management Process16

The type of risk can be more important than (or at

Risk management generally involves four basic

Three examples of specific challenges that arise in risk management include:

Challenge: To manage unexpected levels of variability

Challenge: To anticipate and manage correlation risk

Challenge: Lessons of the 2007-2008 global financial crisis (GFC)

The Role of the Risk Manager (RM)

The RM should seek to understand his/her role as a professional in the community of

The Ups and Downs (“bumpy road”) in Risk Management18

You might also like