a conceptual model that relates risk-taking to asset generation and firm growth.
6. In a potential merger with another institution, what should SifiBank take into consideration that would mitigate potential risk later?
7. What factors led to the near death of SifiBank after the financial crisis of 2008–2009?
8. What is the Volcker Rule and what impact does it have on banking and financial risk management?
9. What are a few key measures that banks use to monitor their performance?
10. What is systemic risk and how does it affect bank risk?
11. What is risk layering?
12. What is CAMELS?
13. What are some of the key provisions of DFA?
CHAPTER 2
Overview of Financial Risk Management
RISK MANAGEMENT DEFINED
Risk management describes a collection of activities to identify, measure, and ultimately manage a set of risks. People and organizations confront risks every day: For example, an individual decides to leave a relatively secure job for another with better opportunity and compensation across country, a government faces the threat of terrorist attacks on public transportation, or a bank determines which financial products it should offer to customers. While some risks are fairly mundane and others a matter of life or death at times, the fundamental process for assessing risk entails evaluation of trade-offs of outcomes depending on the course of action taken. The complexity of the risk assessment is a function of the potential impact from a particular set of outcomes; the individual deciding to take a different job is likely to engage in a simpler risk assessment, perhaps drawing up a pros and cons template, while a government facing terrorist threats might establish a rigorous set of quantitative and surveillance tools to gather intelligence and assign likelihoods and possible effects to a range of outcomes.
Regardless of the application or circumstance, each of the assessments above has a common thread, namely, the assessment of risk. But what exactly is risk and is it the same across all of these situations? Risk is fundamentally about quantifying the unknown. Uncertainty by its very nature tends to complicate our thinking about risk because we cannot touch or see it although it is all around us. As human beings have advanced in their application of technology and science to problem solving, a natural evolution to assessing risk using such capabilities has taken place over time. Quantifying uncertainty has taken the discipline of institutional risk management to a new level over the past few decades with the acceleration in computing hardware and software and analytical techniques.
Risk and statistics share common ground as uncertainty may be expressed using standard statistical concepts such as probability. As will be seen later, while statistics provide an intuitive and elegant way to define risk, it nonetheless offers an incomplete way to fully understand risk due to inherent limitations on standard statistical theory and applications that do not always represent actual market behaviors. This does not imply that we should abandon statistical applications for assessing risk, but that a healthy dose of skepticism over accepting a purely analytical assessment of risk is a prerequisite to good risk management. As a starting point, basic statistical theory presents a convenient way of thinking about risk. Figure 2.1 depicts a standard normal probability distribution for some random variable x. The shape of the distribution is defined by two parameters, its mean or central tendency centered on 0 and the standard deviation, σ. If risk can be distilled to a single estimate, standard deviation is perhaps the most generalized depiction of risk, as it measures the degree to which outcomes stray from the expected outcome or mean level. More formally, standard deviation is expressed as shown in Equation 2.1.
Figure 2.1 Standard Normal Distribution and Area Under the Curve
where pi represents the probability of outcome i, and μ is the mean of the variable x. The variable x could reflect the returns from a product or service for a company, the compensation to an employee for a particular job, or the amount of collateral damage from a terrorist attack, for example. Despite the difference in the variable of interest, the one common aspect for all of these risks is that they can be measured by the standard deviation. Further, risks can be managed based on the tolerance for risky outcomes as may be represented by the distance of a specific set of outcomes from their expected level.
To further reinforce the concept of standard deviation as a measure of risk, consider the returns for the firm shown in Table 2.1. There are nine different annual return outcomes representing x in Equation 2.1. The average of these scenarios is 11.3 percent. The deviations of each outcome from that mean (m μ) are shown as (x – μ)2 and that result is multiplied by each outcome’s probability. The sum of these probability-weighted squared deviations represents the variance of the firm’s annual returns. Taking the square root of the variance yields the standard deviation of 5.91 percent. That would mean that 68 percent of the firm’s potential return outcomes should lie between (11.3 – 5.91) and (11.3 + 5.91) or 5.39 and 17.21 percent, respectively.
Table 2.1 Example Calculation of Standard Deviation of Firm Annual Returns
Take the case of a company that faces whether to engage in a certain business activity or not. The firm obtains a set of historical data from the last several years of returns on similar products provided by other competitors. Suppose now the mean return for the product is 15 percent with a standard deviation of 5 percent. Using the information from the standard normal distribution in Figure 2.1, the company can begin to shape its view of risk. First, the distribution of returns takes on a similar symmetric shape as the standard normal curve shown in Figure 2.1. Under such a distribution, outcomes that deviate significantly from the average come in two forms: some that create very large positive returns above the 15 percent shown on the right-hand side of the distribution, and some that create corresponding returns smaller than 15 percent. The company realizes that returns less than 15 percent (its cost of capital) would drain resources and capital away from the firm, thus destroying shareholder value. In this context, only returns below 15 percent create risk to the company. The company now focuses on the left-hand tail, paying particular attention to how bad returns could be. The distribution’s y-axis (vertical) displays the frequency, or percentage of time, that a particular return outcome would be observed. According to the standard normal distribution, approximately 68 percent of the time returns would be between plus and minus 1 standard deviation from the mean. In this case we should find returns between 10 and 20 percent occur about 68 percent of the time. But moving out two or three standard deviations in either direction would capture 95 and 99.7 percent of the occurrences, respectively. However, with the focus only on low-return events, the company only needs to understand the frequency of these occurrences in assessing its project risk. In this example, outcomes that generate returns between 10 and 15 percent occur about 34 percent of the time. If the company were to look at adverse outcomes that are –2 standard deviations away from the mean, then returns between 5 and 15 percent would occur about 47.5 percent of the time. At this point, the company would need to think about what would happen if they were to observe a return of 10 percent versus 5 percent. If, for instance, the company had information to suggest that if returns reached 5 percent it would have to shut down, this would pose an unacceptable level of
