Professional Documents
Culture Documents
The information provided in this document is intended solely for you. Please do not freely distribute.
Optional Appendix: This learning objective was removed from the curriculum in 2021.
We’ve placed it in this appendix for optional reading.
DESCRIBE ELEMENTS, OR BUILDING BLOCKS, OF THE RISK MANAGEMENT PROCESS AND IDENTIFY
PROBLEMS AND CHALLENGES THAT CAN ARISE IN THE RISK MANAGEMENT PROCESS....................17
2
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Evaluate, compare, and apply tools and procedures used to measure and manage
risk, including quantitative measures, qualitative risk assessment techniques, and
enterprise risk management.
Distinguish between expected loss and unexpected loss and provide examples of
each.
Describe and differentiate between the key classes of risks, explain how each type of
risk can arise, and assess the potential impact of each type of risk on an organization.
Explain how risk factors can interact with each other and describe challenges in
aggregating risk exposures.
Explain the concept of risk and compare risk management with risk
taking.
We can refer to risk generally as variability or—in the case of financial risk specifically—we can
refer to risk as volatility:
Risk is the variability of adverse outcomes that are unexpected (general)
Financial risk is volatility (volatility as a special case of variability) of unexpected losses
3
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
While everybody has an intuition about risk, a formal treatment of risk requires statistics
For example, we might assign probabilities to different future scenarios. Then we can
calculate a standard deviation, which is a way to measure the risk.
Probably the most essential component of this formal treatment of risk is the use of
probability distribution: a probability distribution quantifies risk.
A probability distribution enables us to quantify value-at-risk (VaR) and unexpected loss
(UL) because every probability distribution contains a loss quantile associated with a
confidence level.
For example, if a standard normal distribution characterizes our loss distribution, then
the 95th percentile (aka, 0.95 or 0.050 quantile) lies at -1.645 or +1.645, depending on
our format is P(+)/L(-) or L(+)/P(-);, i.e., depending on whether losses are mathematically
assigned positive values for the sake of convenience. In the case of a 95.0% confidence
level, because we only care about the loss side of the distribution, we can refer to this as
either the 0.050 or 0.950 quantile, given we realize that the format can be either P(+)/L(-)
or L(+)/P(-).
Knightian uncertainty illustrates the distinction between uncertainty and risk. Knightian
uncertainty “is a lack of any quantifiable knowledge about some possible occurrence, as
opposed to the presence of quantifiable risk”1 In this way, the difference between uncertainty
and risk is our ability (or attempt) to quantity. Similarly, much of what is called “risk” is the
identification and specification of a probability distribution; for this reason, probability
distributions are key ingredients in risk!
The definitions of value-at-risk (VaR) and economic capital (EC) depend on the definition
of unexpected loss (UL)
VaR is the worst expected loss associated with some confidence level (typically 95%
or 99%) over some horizon (e.g., one day, three months, one year). VaR requires a
confidence level and a time horizon, such that many VaRs are possible.
For example, we might say that our options position has a one-day VaR of $1.0 million at
the 99.0% confidence level, meaning that our risk analysis shows that there is only a
1.0% probability of a loss that is greater than $1.0 million on any given trading day.2
Economic capital is the risk capital employed by the firm to absorb unexpected losses
(UL) such that we can typically define economic capital as a multiple of UL, even if the
multiple is simply 1.0.
1 See https://en.wikipedia.org/wiki/Knightian_uncertainty
2 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
4
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
5
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Quantitative Measures
Risk measurement requires assigning numbers to classified risks.
Absolute (aka, ratio or interval) values enable carefully weighed decisions, but even
categorical rankings (aka, ordinal values) enable useful comparisons.
The mere assignment of a numerical value does not render the value necessarily useful!
Only some numbers are effectively useful in comparison.
For example, using the face value or “notional amount” of a bond to indicate the risk of a
bond is a flawed approach. A million-dollar position in a par value 10-year Treasury bond
does not represent at all the same amount of risk as a million-dollar position in a 4-year
par value Treasury bond.5
VaR is perhaps the most prominent “sophisticated” risk measure
o Because VaR is just a statistical quantile, it can be used for comparisons.
o VaR works better in practice under so-called “normal” conditions. If markets are
abnormal (e.g., regime-changing), VaR is less effective. Most notably (and a key
lesson from the GFC), VaR requires adjustment when markets are illiquid.
o VaR favors short horizons: one-day VaR is likely more accurate than one-year VaR.
o VaR requires a robust control environment: VaR may be a risk measure, but it
requires a risk management context.
5 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
6
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
In this way, economic capital is a fully loaded measure of risk that includes both expected loss
(EL) and unexpected loss (UL). RAROC is theoretically superior to older methods (e.g., IRR or
NPV) because it explicates the risk of the project (although NPV can attempt to do this via
calibration of the discount rate). If the RAROC exceeds the cost of equity, the project is
desirable.7
However, there are two disadvantages of RAROC: lack of a uniform (or regulatory) definition
and implementation difficulty. Says GARP about RAROC, “There are many variants on the
RAROC formula, applied across many different industries and institutions. Their level of
sophistication varies but all have the same purpose: to adjust performance for risk … There are
many practical difficulties in applying RAROC, including its dependence on the underlying risk
calculations. Managers of business divisions often dispute the validity of RAROC numbers,
sometimes for self-interested reasons.” 6
6 Education, Pearson. Foundations of Risk Management. Pearson Learning Solutions, 2020. VitalBook file.
7 Please be aware of a theoretical improvement to RAROC called adjusted RAROC (i.e., ARAROC) that is introduced
in FRM Part 2 but outside our current scope.
7
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Expected loss is generally treated as a “cost of doing business” and consequently is often built
into the pricing of a product.
As a portfolio increases in size and gains diversification, the actual losses incurred should
converge on the expected loss. The more granular (aka, less lumpy) is the credit portfolio, the
more the actual losses should converge on the expected loss.
The unexpected loss (UL) is the standard deviation of around (or about) the expected loss; UL
refers to the dispersion of expected losses. In credit risk, unexpected loss is given by:
= $ =
Interpret the relationship between risk and reward and explain how
conflicts of interest can impact risk management.
The relationship between risk and reward
The traditional view is that higher risk implies a higher return, but this is not always observed:
sometimes less risky assets counterintuitively exhibit higher returns! Firstly, we need sufficiently
efficient markets to infer implied risk premiums; inefficient markets cloud the relationship, as the
impact of illiquidity is variant to many conditions. Complications include:
Bond markets: bond prices often indicate relative risk; however, technical factors
(especially liquidity and tax effects) add confusing signals.
The traditional risk-reward relationship is especially distorted in the absence of traded
instruments: trading enables price discovery.
Investor appetite for risk varies over time. That was the case during the period from
early 2005 to mid-2007, until the eruption of the subprime crisis. With the eruption of the
crisis, credit spreads moved up dramatically and reached a peak following the collapse
of Lehman Brothers in September 2008.8
Conflicts of interest
Compensation incentive programs can distort the risk-reward relationship. The notorious
example, written in countless case studies, is the annual bonus. The firm pays such bonuses for
recent performance, but the risks incurred might have been delayed into future years.
8 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
8
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
These categories can be broken down into more specific categories, as shown below. Please
note that market risk and credit risk are referred to as financial risks.
General market
risk
Equity Price Risk
Trading Risk
Market Risk Interest Rate Risk
Specific risk
Gap Risk
Foreign Exchange
Risk
Commodity Price
Risk
Financial Risks
Credit Risk
Porfolio concentration Issuer Risk
Counterparty
credit risk
9
Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill, 2014)
9
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Risk Typology
Market Risk
Market risk may reduce a position’s (i.e., security or portfolio) value due to a change in financial
market variables, especially prices or interest rates. Market risk includes equity price risk,
interest rate risk, foreign exchange risk, and commodity price risk.
Price risk parses into a general market risk component and a specific
market risk component.
Market risk specifically depends on the context. For example,
In the case of a fund, the fund may be marketed as tracking a specific benchmark. Here,
market risk is important to the extent that it creates a risk of tracking error.10
Basis risk is a type of market risk that cannot be avoided when a position is hedged, as it refers
to unanticipated changes in the basis (the price difference between the exposure and the
hedge) that render the hedge imperfect.
Curve risk is when the fixed income is hedged against parallel shifts in the yield curve (e.g.,
duration or DV01 hedged) but are exposed to non-parallel shifts such as twists or
steepening/flattening.
10 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
10
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Credit Risk
Credit risk is the possibility of financial loss due to counterparty default or credit deterioration,
which is an increase in the probability of default. In this way, under credit risk, we include
default, deterioration, downgrade (aka, adverse migration).
11
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
The CDS market has struggled to define the kind of credit event that should trigger a payout
under a credit derivatives contract. Major credit events, as formalized by the International
Swaps and Derivatives Association (ISDA), include:11
Bankruptcy, insolvency, or payment default
Obligation/ cross-default, which means the occurrence of a default (other than failure to
make a payment) on any other similar obligation
Obligation acceleration, which refers to the situation in which debt becomes due and
repayable prior to maturity (subject to a materiality threshold of $ 10 million, unless
otherwise stated)
Stipulated fall in the price of the underlying asset
Downgrade in the rating of the issuer of the underlying asset
Restructuring (this is probably the most controversial credit event)
Repudiation/ moratorium, which can occur in two situations: First, the reference entity
(the obligor of the underlying bond or loan issue) refuses to honor its obligations.
Second, a company could be prevented from making a payment because of a sovereign
debt moratorium (e.g., the City of Moscow in 1998).
11 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
12
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Liquidity Risk
Liquidity risk refers to either funding liquidity risk or trading liquidity risk, although they can
interact (including in a downward spiral).
Funding liquidity risk is the firm’s ability to raise cash and/or refinance (including roll-
over) debt in order to meet liquidity needs. Quantification of this risk is often difficult.
Trading liquidity risk (aka, liquidity risk) is the risk that a position cannot be exited at
the prevailing market price. There is grave liquidity risk if a so-called fire sale is required.
Operational Risk
Operational risk refers to potential losses resulting from a range of operational weaknesses,
including inadequate systems, management failure, faulty controls, fraud, and human errors (in
the financial services, operational risk often also includes natural or man-made catastrophes).
Derivatives are prone to operational risk and require tight controls. Derivative trades are
leveraged (by definition) and therefore more prone to operational risk than cash
transactions. Complex derivatives further require sophisticated valuation, which is an
operational risk (i.e., model risk). The recent history of notable (and/or large) derivative
trading losses that are “case studies” are disproportionally the consequence of
operational failures.
Operational risk includes human factor risk (aka, human or pilot error), e.g., data mis-
entry, inadvertent file destruction.
Operational risk also includes technology risk and fraud
13
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Business Risk
Business risk is the fundamental risk inherent in the conduct of business; it is an umbrella that
includes risks generally encouraged by investors (who are not seeking to eliminate risk as they
have safer alternatives). Business risk includes the costs of doing business, pricing dynamics,
and demand changes in the demand (for product) curve.
Managing business risk, including making strategic decisions, is the primary job of
management
The Basel II Accord excludes business risk from the definition of operational risk,
although many believe it is more impactful on bank revenue than the operational
event/failure risks that regulators do include within bank minimum capital requirements.12
Business risk is also known as business/strategic/reputation risk.
Strategic Risk
Strategic risk is the risk that the firm’s strategy is sub-optimal, flawed, or worse; it concerns the
choice of customers and markets in the context of a competitive landscape. A good framework
for analyzing strategy risk is Porter’s five forces13. This Porter framework evaluates strategy in
the context of five forces – the threat of new entrants, threat of substitutes, bargaining power of
customers, bargaining power of supplier, and intensity of competitive rivalry.
12 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
13 See https://en.wikipedia.org/wiki/Porter's_five_forces_analysis
14
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Reputation Risk
Reputation risk parses into two primary classes14:
1. The belief an organization will honor its promises to counterparties and creditors.
2. The belief an organization is an ethical and fair dealer.
Reputation risk is a rising concern due to the rapid growth of social networks such as Facebook
and LinkedIn: bad news about a firm, or rumors, can “go viral.”
Reputation risk is especially important to financial institutions because they require the
confidence of their constituents, including customers, creditors, and regulators. Banks are
further under pressure to demonstrate their commitment to environmental, social, and corporate
governance (ESG) principles.
As a defensive mechanism, ten international banks from seven countries announced in
June 2003 the adoption of the “Equator Principles,” a voluntary set of guidelines
developed by the banks for managing social and environmental issues related to the
financing of projects in emerging countries.
The Equator Principles are based on the policy and guidelines of the World Bank and
International Finance Corporation (IFC) and require the borrower to conduct an
environmental assessment for high-risk projects to address issues such as sustainable
development and use of renewable natural resources, human health, pollution
prevention, and waste minimization, and socioeconomic impact.14
14 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
15
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
Explain how risk factors can interact with each other and describe
challenges in aggregating risk exposures.
The job of risk managers includes analyzing (breaking down, deconstructing) risk factors into
their fundamental drivers. Often, this involves layers of analysis─larger factors are
deconstructed into their smaller determinants or sub-factors. Ideally, the risk manager wants to
identify and understand all significant and relevant risk factors and their sub-factors.
To score the risk factor, the risk manager wants to look for its sub-factors. For example, cyber
risk is a broad umbrella that must be defined by its components.
Historically, the limitation was data availability. However, big data (accompanied by machine
learning) enables profound analysis granularity. It is reasonable to expect that an implication of
data science is that risk managers will discover new risk factors; at a minimum, the granularity
of the risk typology will be increased.
16
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
15 2020 FRM Part I: Foundations of Risk Management, 10th Edition. Pearson Learning Solutions
17
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
16 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
18
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
The firm depends on risk management to manage unexpected loss variability. But such
variability is better managed if the firm has measured its exposures with some level(s) of
confidence. By measuring its exposure to variability, the firm can allocate capital buffers (in
addition to other techniques) and, additionally, can communicate to stakeholders.
A typical example of correlation risk is a credit portfolio (e.g., portfolio of bonds) that features a
default correlation between credits in the portfolio. Or similarly, a pairwise correlation matrix
characterizes the correlation between asset returns in an equity portfolio. Because correlation is
a statistical measure between two variables, correlation risk refers to a broad array of risks.
The classic and basic formula in credit risk is EL = EAD × PD × LGD, where EL refers to
expected loss, EAD refers to exposure at default, PD refers to default probability, and
LGD refers to loss given default. It is common to assume independence among these
variables. However, it may not be realistic! For example, a higher PD might be
associated with a higher LGD (or, equivalently, a lower recovery rate).
In general, unexpected loss increases with higher default correlation. To the extent we
are measuring (or concerned with) unexpected losses, correlations among risk factors
will tend to increase the unexpected loss. Therefore, if we omit relevant correlation(s)
between or among risk factors, we are likely to understate the unexpected loss.
Expected loss is a statistical mean and likely will be unaffected by correlation, but
unexpected loss is a function of (multiple of) the standard deviation such that it will be
influenced by correlations.
19
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
The Risk Manager (RM) cannot predict the future. Rather, the RM should identify each of the
firm’s risks, attempt to put them in context (e.g., relevance), quantify them where appropriate
(i.e., characterize with distributions), and importantly, communicate them to stakeholders. The
communication step is critical. If executives and the Board do not understand key risks, they
cannot decide or act on such risks, even if those risks are well-quantified within the risk function.
For example, the risk manager’s role is not to produce a point estimate of the U.S.
dollar/euro exchange rate at the end of the year; but to produce a distribution estimate of
the potential exchange rate at year-end and explain what this might mean for the firm
(given its financial positions). These distribution estimates can then be used to help
make risk management decisions and also to produce risk-adjusted metrics such as risk-
adjusted return on capital (RAROC).17
The RM’s role is not merely defensive. To compete, firms need to balance risk and
reward. Proper risk management “has a seat at the executive table” as a strategic ally in
the firm’s long-term goals. Elements of the role include:
Implement policies and develop methodologies
Ensure infrastructure (e.g., technology) exists to track and report relevant metrics
Distinguish among obstacles that are technical, organizational, and/or political
Define the reporting lines of risk managers
Facilitate a balance in the relationship between business (unit) leaders and staff risk
managers. There must be separate, but they cannot be too detached.
Who explicitly and implicitly oversees the risk manager? For example, regulators.
What is the ideal and/or evolving relationship with the audit function?
What is the true nature of the firm’s risk culture? For that matter, where are the
disconnects between documentation (or literal definitions) and the actual artifacts that
define a culture? This is a difficult job that is very different than running numbers in a
spreadsheet!
17 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Ed. (NY: McGraw-Hill,
2014)
20
Licensed to Christian Rey Magtibay at christianrey_magtibay@yahoo.com. Downloaded August 21, 2021.
The information provided in this document is intended solely for you. Please do not freely distribute.
18 Michel Crouhy, Dan Galai, and Robert Mark, The Essentials of Risk Management, 2nd Edition (New York:
McGraw-Hill, 2014)
21