Operational risk: Institutional uncertainties other than market or credit risk.
✔ Liquidity risk: Uncertainty about terms and the ability to make a transaction when necessary or desired.
✔ Funding risk: Uncertainty about whether investors will provide sufficient funds.
✔ Reputational risk: Uncertainty about how your entity will be perceived.
✔ Political risk: Uncertainty about government actions.
I also stick in some concentrated summaries of four sections of this book: Measuring Risk, Communicating Risk, Managing Risk and Working as a Risk Manager. You can also access bonus material at www.dummies.com/extras/financialriskmanagement, including ten great links that illustrate ten financial risk management lessons is amusing and dramatic fashion, from killer molasses to an Olympic David versus Goliath tale.
Where to Go From Here
If you know nothing about finance or risk and want to be a financial risk manager, I recommend reading this book in order. But, you can jump around to whatever chapters and sections seem interesting. Switching back and forth between theory and practice, between high-level views of the forest and detailed descriptions of individual trees may be the best way to understand what modern financial risk management is all about.
If you know nothing about finance, risk or financial risk management and are walking into work for your first day as a financial risk manager of a major global bank, turn straight to Chapter 10 and follow the directions step-by-step through to the end of Chapter 13.
If you’re really in a hurry, turn right to Chapter 20 and get all the really important stuff in ten minutes. Not ten minutes to read, ten minutes to read and do!
Wherever you start, I trust you’ll find information you can put to use.
Part I
Getting Started with Risk Management
✔ Recognize risk and distinguish it from danger and opportunity.
✔ Choose the right framework to make risk decisions.
✔ Take charge of risk: identify the goal, consider the options, and make the decision.
✔ Manage risk in the front office of a financial institution: set limits, approve trades, approve portfolio strategies, and deal directly with risk takers.
✔ Manage risk in the middle office of a financial institution: determine risk appetite, set risk policy, deal with the board and senior management, and work with regulators.
✔ Manage risk in the back office of a financial institution: create control frameworks, compile reports, monitor constraints, and identify issues.
Chapter 1
Living with Risk
▶ Exploring the idea of risk
▶ Managing financial risk
▶ Informing people about risk
Life is risk, and risk is life. Nobody knows what tomorrow may bring. As the poet Robert Burns famously put it, ‘The best-laid schemes o’ mice an’ men, gang aft agley, an’ lea’e us nought but grief an’ pain, for promis’d joy!’ (Roughly translated, Burns warns that careful plans can come to nothing.)
While most of us instinctively first think about bad risk, good surprises happen as well. ‘Fortune favours the bold,’ we are told, and, ‘Sometimes things just go your way.’ In fact, risk is more than just sometimes good, it is essential. As another saying goes, ‘The only place with people and no risk is a graveyard.’ Religions, philosophies and especially superstitions are deeply rooted in ideas about risk.
My topic is managing risk, not risk itself, which means that I don’t cover all the risks you can’t control – the sun going supernova tomorrow or being diagnosed with a genetic heart condition, for examples. Also, my topic is financial risk, so I don’t talk about risks that aren’t priced in the financial markets. That still leaves me with a large topic, but one I can cover in enough detail to be useful.
Understanding the Scope of Risk
Finance professor Elroy Dimson defined risk as meaning that more things can happen than will happen. Although stated in a folksy way, this idea is a deep one that comes from information theory and statistical thermodynamics. The tremendous range of future possibilities creates a kind of force – a tendency to disorder, a decay of information – called entropy. Entropy isn’t a physical force like gravity or magnetism, yet in the long run it determines both the fate of the universe and whether the ‘best-laid schemes o’ mice an’ men’ bring grief and pain or promised joy.
Everything humans try to do can be thought of as attempts to influence what will happen, but even the most precise and complicated plans are vastly simpler than the range of things that might happen. This essential feature of risk is lost when risk is reduced to probability distributions. These distributions require that the range of future outcomes is known exactly. In most cases of practical interest, probabilities can be estimated reliably only for outcomes that have actually happened in the past, and they only have much use if decisions are repeated often enough that each potential outcome actually happens.
This doesn’t mean that conventional statistical analysis is useless – far from it. I’m a big fan of quantitative reasoning. But the risk in risk management is something distinct from the risk that can be modelled with probability distributions.
One popular approach is to model risk as a casino game. This frequentist approach can yield insights, but it is very limited. Casino games can be played over and over, and have a known range of outcomes with known probabilities. Real risks only happen once, and you can only guess at the range of outcomes and probabilities. Author Nassim Taleb has dubbed this approach the Ludic Fallacy. If all risks were playing roulette or drawing cards, we wouldn’t need risk managers.
Another popular approach, called Bayesian, treats all risk like bets on a sporting event. This is more accurate than the frequentist approach because it can handle events that only happen once, with some unknown potential outcomes and only guesses about probability. But it is still a limited model that does not capture all important aspects of risk. Risk managers draw on a broad spectrum of risk models, frequentist and Bayesian, plus models drawn from evolution, statistical thermodynamics, behavioural studies and game theory. And they know that even with all the different analytic approaches, important aspects of risk are missed.
Consider a teacup. You know that teacups can shatter into shards and dust, and also that shards and dust never spontaneously recombine into a teacup. Why? Because of all the possible arrangements of the atoms that make up a teacup, only a negligible fraction actually are a teacup. That’s all you have to know to predict that a teacup is fragile. It can shatter, but it can’t self-construct. Any sufficiently large change in conditions – impact, temperature or others – will destroy it. If I have a china shop, I know that it won’t last forever; I don’t need a bull to destroy it. Risk and time are enough.
Some things in the universe do come into being spontaneously – stars, for example, and people and crystals. In many cases these things gain from disorder and change. They can be destroyed, but they can also recreate without outside help.
The same thing is true of human plans and