Financial Enterprise Risk Management, Sweeting, Paul.pdf

This preview shows page 1 out of 563 pages.

Financial Enterprise Risk Management

Financial Enterprise Risk Management provides all the tools needed to build and maintain a comprehensive ERM framework. As well as outlining the construction of such frameworks, it discusses the internal and external contexts within which risk management must be carried out. It also covers a range of qualitative and quantitative techniques that can be used to identify, model and measure risks, and describes a range of risk mitigation strategies. Over 100 diagrams are used to help describe the range of approaches available, and risk management issues are further highlighted by various case studies. A number of proprietary, advisory and mandatory risk management frameworks are also discussed, including Solvency II, Basel III and ISO 31000:2009. This book is an excellent resource for actuarial students studying for examinations, for risk management practitioners and for any academic looking for an up-to-date reference to current techniques.

Paul Sweeting is a Managing Director at JP Morgan Asset Management. Prior to this, he was a Professor of Actuarial Science at the University of Kent and he still holds a chair at the university. Before moving to academia, Paul held a number of roles in pensions, insurance and investment. Most recently he was responsible for developing the longevity reinsurance strategy for Munich Reinsurance, before which he was Director of Research at Fidelity Investments’ Retirement Institute. In his early career, Paul gained extensive experience as a consulting actuary advising on pensions and investment issues for a range of pension schemes and their corporate sponsors. He is affiliated to a number of professional bodies being a Fellow of the Institute of Actuaries, a Fellow of the Royal Statistical Society, a Fellow of the Securities and Investment Institute and a CFA Charterholder.
Paul has written extensively on a range of pensions, investment and risk issues and is a regular contributor to the print and broadcast media.

Downloaded from . Stockholm University Library, on 27 Aug 2020 at 11:16:18, subject to the Cambridge Core terms of use, available at .

INTERNATIONAL SERIES ON ACTUARIAL SCIENCE

Editorial Board
Christopher Daykin (Independent Consultant and Actuary)
Angus Macdonald (Heriot-Watt University)

The International Series on Actuarial Science, published by Cambridge University Press in conjunction with the Institute and Faculty of Actuaries, contains textbooks for students taking courses in or related to actuarial science, as well as more advanced works designed for continuing professional development or for describing and synthesizing research. The series is a vehicle for publishing books that reflect changes and developments in the curriculum, that encourage the introduction of courses on actuarial science in universities, and that show how actuarial science can be used in all areas where there is long-term financial risk.

A complete list of books in the series can be found at . Recent titles include the following:

Regression Modeling with Actuarial and Financial Applications
EDWARD W. FREES

Actuarial Mathematics for Life Contingent Risks
DAVID C.M. DICKSON, MARY R. HARDY & HOWARD R. WATERS

Nonlife Actuarial Models
YIU-KUEN TSE

Generalized Linear Models for Insurance Data
PIET DE JONG & GILLIAN Z. HELLER

Market-Valuation Methods in Life and Pension Insurance
THOMAS MØLLER & MOGENS STEFFENSEN

Insurance Risk and Ruin
DAVID C.M. DICKSON

FINANCIAL ENTERPRISE RISK MANAGEMENT

PAUL SWEETING
University of Kent, Canterbury
CAMBRIDGE UNIVERSITY PRESS
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo, Delhi, Tokyo, Mexico City

Cambridge University Press
The Edinburgh Building, Cambridge CB2 8RU, UK

Published in the United States of America by Cambridge University Press, New York

Information on this title:
© P. Sweeting 2011

This publication is in copyright. Subject to statutory exception and to the provisions of relevant collective licensing agreements, no reproduction of any part may take place without the written permission of Cambridge University Press.

First published 2011
Printed in the United Kingdom at the University Press, Cambridge

A catalogue record for this publication is available from the British Library

Library of Congress Cataloguing in Publication data
Sweeting, Paul.
Financial enterprise risk management / Paul Sweeting.
p. cm. – (International series on actuarial science)
Includes bibliographical references and index.
ISBN 978-0-521-11164-5 (hardback)
1. Financial institutions–Risk management. 2. Financial services industry–Risk management. I. Title.
HG173.S94 2011
332.1068 1–dc23 2011025050

ISBN 978-0-521-11164-5 Hardback

Cambridge University Press has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this publication, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Contents

Preface

1 An introduction to enterprise risk management
1.1 Definitions and concepts of risk
1.2 Why manage risk?
1.3 Enterprise risk management frameworks
1.4 Corporate governance
1.5 Models of risk management
1.6 The risk management time horizon
1.7 Further reading

2 Types of financial institution
2.1 Introduction
2.2 Banks
2.3 Insurance companies
2.4 Pension schemes
2.5 Foundations and endowments
2.6 Further reading

3 Stakeholders
3.1 Introduction
3.2 Principals
3.3 Agents
3.4 Controlling
3.5 Advisory
3.6 Incidental
3.7 Further reading

4 The internal environment
4.1 Introduction
4.2 Internal stakeholders
4.3 Culture
4.4 Structure
4.5 Capabilities
4.6 Further reading

5 The external environment
5.1 Introduction
5.2 External stakeholders
5.3 Political environment
5.4 Economic environment
5.5 Social and cultural environment
5.6 Competitive environment
5.7 Regulatory environment
5.8 Professional environment
5.9 Industry environment
5.10 Further reading

6 Process overview

7 Definitions of risk
7.1 Introduction
7.2 Market and economic risk
7.3 Interest rate risk
7.4 Foreign exchange risk
7.5 Credit risk
7.6 Liquidity risk
7.7 Systemic risk
7.8 Demographic risk
7.9 Non-life insurance risk
7.10 Operational risks
7.11 Residual risks
7.12 Further reading

8 Risk identification
8.1 Introduction
8.2 Risk identification tools
8.3 Risk identification techniques
8.4 Assessment of risk nature
8.5 Risk register
8.6 Further reading

9 Some useful statistics
9.1 Location
9.2 Spread
9.3 Skew
9.4 Kurtosis
9.5 Correlation
9.6 Further reading

10 Statistical distributions
10.1 Univariate discrete distributions
10.2 Univariate continuous distributions
10.3 Multivariate distributions
10.4 Copulas
10.5 Further reading

11 Modelling techniques
11.1 Introduction
11.2 Fitting data to a distribution
11.3 Fitting data to a model
11.4 Smoothing data
11.5 Using models to classify data
11.6 Uncertainty
11.7 Credibility
11.8 Model validation
11.9 Further reading

12 Extreme value theory
12.1 Introduction
12.2 The generalised extreme value distribution
12.3 The generalised Pareto distribution
12.4 Further reading

13 Modelling time series
13.1 Introduction
13.2 Deterministic modelling
13.3 Stochastic modelling
13.4 Time series processes
13.5 Data frequency
13.6 Discounting
13.7 Further reading

14 Quantifying particular risks
14.1 Introduction
14.2 Market and economic risk
14.3 Interest rate risk
14.4 Foreign exchange risk
14.5 Credit risk
14.6 Liquidity risk
14.7 Systemic risks
14.8 Demographic risk
14.9 Non-life insurance risk
14.10 Operational risks
14.11 Further reading

15 Risk assessment
15.1 Introduction
15.2 Risk appetite
15.3 Upside and downside risk
15.4 Risk measures
15.5 Unquantifiable risks
15.6 Return measures
15.7 Optimisation
15.8 Further reading

16 Responses to risk
16.1 Introduction
16.2 Market and economic risk
16.3 Interest rate risk
16.4 Foreign exchange risk
16.5 Credit risk
16.6 Liquidity risk
16.7 Systemic risk
16.8 Demographic risk
16.9 Non-life insurance risk
16.10 Operational risks
16.11 Further reading

17 Continuous considerations
17.1 Introduction
17.2 Documentation
17.3 Communication
17.4 Audit
17.5 Further reading

18 Economic capital
18.1 Introduction
18.2 Definition of economic capital
18.3 Economic capital models
18.4 Designing an economic capital model
18.5 Running an economic capital model
18.6 Calculating economic capital
18.7 Economic capital and risk optimisation
18.8 Capital allocation
18.9 Further reading

19 Risk frameworks
19.1 Mandatory risk frameworks
19.2 Advisory risk frameworks
19.3 Proprietary risk frameworks
19.4 Further reading

20 Case studies
20.1 Introduction
20.2 The 2007–2011 global financial crisis
20.3 Barings Bank
20.4 Equitable Life
20.5 Korean Air
20.6 Long Term Capital Management
20.7 Bernard Madoff
20.8 Robert Maxwell
20.9 Space Shuttle Challenger
20.10 Conclusion
20.11 Further reading

References
Index

Preface

This book began life as a sessional paper presented to the Institute of Actuaries in Manchester and, some months later, to the Faculty of Actuaries in Edinburgh. Its presentation occurred at around the same time that a new subject on enterprise risk management was being developed for the UK actuarial exams. This made it a good time to expand the paper into something more substantial, with detailed information on many of the techniques that were only mentioned in the initial work. It also means that the book has benefited greatly from the work done by the syllabus development working party, led by Andrew Cairns and managed by Lindsay Smitherman.

I found myself writing this book during a time of crisis for financial institutions around the world. Financial models have been blamed for a large part of this crisis, and this criticism is, to an extent, well-founded. It is certainly tempting to place far too much reliance on very complex models, ignoring the fact that they merely represent rather than replicate the real world. Some senior executives have also been guilty of seeing the output of these models but not understanding the underlying approaches and their limitations. Finally, many models have been designed seemingly ignorant of the fact that the data histories needed to provide parameters for these models are simply not available. However, at least as big an issue is that many non-financial risks were allowed to thrive in the years before the crisis.

Many of the techniques described in this book are quantitative, and such risk modelling and management techniques can be very helpful. However, there are a number of ways in which risk can be quantified. Furthermore, these risk measures do not paint a complete picture. It is important to appreciate the limitations of these types of models, the circumstances in which they might fail and the implications of such failure.

It is also crucial to understand that just because a risk is unquantifiable, it does not mean that it should be ignored. Some of the most important – and dangerous – risks cannot be modelled; however, they can frequently be identified and often managed.

All risks should be considered together: this holistic approach is fundamental to enterprise risk management. Whilst identifying the extent – or even the existence – of individual risks is important, looking at the bigger picture is vital. Looking at the interaction between risks can highlight concentrations of risk, but also the potential
diversifying or even hedging effect of different risks.

It is also important to recognise that risk is not necessarily synonymous with uncertainty. Risk is only bad if the outcome is adverse, and these types of risks can be described as downside risks. Upside risks also occur – these are opportunities – and without them, there would be no point in taking risks at all.

1 An introduction to enterprise risk management

1.1 Definitions and concepts of risk

The word ‘risk’ has a number of meanings, and it is important to avoid ambiguity when risk is referred to. One concept of risk is uncertainty over the range of possible outcomes. However, in many cases uncertainty is a rather crude measure of risk, and it is important to distinguish between upside and downside risks.

Risk can also mean the quantifiable probability associated with a particular outcome or range of outcomes; conversely, it can refer to the unquantifiable possibility of gains or losses associated with different future events, or even just the possibility of adverse outcomes.

Rather than the probability of a particular outcome, it can also refer to the likely severity of a loss, given that a loss occurs. When multiplied, the probability and the severity give the expected value of a loss.

A similar meaning of risk is exposure to loss, in effect the maximum loss that could be suffered. This could be regarded as the maximum possible severity, although the two are not necessarily equal. For example, in buildings insurance, the exposure is the cost of clearing the site of a destroyed house and building a replacement; however, the severity might be equivalent only to the cost of repairing the roof.

Risk can also refer to the problems and opportunities that arise as a result of an outcome not being as expected.
In this case, it is the event itself rather than the likelihood of the event that is the subject of the discussion. Similarly, risk can refer to the negative impact of an adverse event.

Risks can also be divided into whether or not they depend on future uncertain events, on past events that have yet to be assessed or on past events that have already been assessed. There is even the risk that another risk has not yet been identified.

When dealing with risks it is important to consider the time horizon over which they occur, in terms of the period during which an organisation is exposed to a particular risk, or the way in which a risk is likely to change over time. The link between one risk and others is also important. In particular, it is crucial to recognise the extent to which any risk involves a concentration with or can act as a diversifier to other risks.

In the same way that risk can mean different things to different people, so can enterprise risk management (ERM). The key concept here is the management of all risks on a holistic basis, not just the individual management of each risk. Furthermore, this should include both easily quantifiable risks such as those relating to investments and those which are more difficult to assess such as the risk of loss due to reputational damage.

A part of managing risks on a holistic basis is assessing risks consistently across an organisation. This means recognising both diversifications and concentrations of risk. Such effects can be lost if a ‘silo’ approach to risk management is used, where risk is managed only within each individual department or business unit. Not only might enterprise-wide concentration and diversification be missed, but there is also a risk that different levels of risk appetite might exist in different silos.
Furthermore, enterprise-wide risks might not be managed adequately, with some risks being missed altogether due to a lack of ownership.

The term ‘enterprise risk management’ also implies some sort of process – not just the management of risk itself, but the broader approach of:

• recognising the context;
• identifying the risks;
• assessing and comparing the risks with the risk appetite;
• deciding on the extent to which risks are managed;
• taking the appropriate action; and
• reporting on and reviewing the action taken.

When formalised into a process, with detail added on how to accomplish each stage, then the result is an ERM framework. However, the above list raises another important issue about ERM: that it is not just a one-off event that is carried out and forgotten, but that it is an ongoing process with constant monitoring and with the results being fed back into the process.

It is important that ERM is integrated into the everyday way in which a firm carries out its business and not carried out as an afterthought. This means that risk management should be incorporated at an early stage into new projects. Such integration also relates to the way in which risks are treated since it recognises hedging and diversification, and should be applied at an enterprise rather than at a lower level.

ERM also requires the presence of a central risk function (CRF), headed by a chief risk officer. This function should cover all things risk related, and in recognition of its importance, the chief risk officer should have access to or, ideally, be a member of the board of the organisation.

Putting an ERM framework into place takes time, and requires commitment from the highest level of an organisation.
It is also important to note that it is not some sort of ‘magic bullet’, and even the best risk management frameworks can break down or even be deliberately circumvented. However, an ERM framework can significantly improve the risk and return profile of an organisation.

1.2 Why manage risk?

With this discussion of ERM, it is important to consider why it might be desirable to manage risk in the first place. At the broadest level, risk management can benefit society as a whole. The effect on the economy of risk management failures in banking, as shown by the global liquidity crisis, gives a clear illustration of this point. It could also be argued that risk management is what ...