Risk Management Pt2: Implementation Issues and Data within Risk Management
This is the second of two articles exploring Risk Management, where Chris Sandford (Actuary and Risk Consultant) and David Sellors (Senior Consultant at ISC) discuss the current state of risk management within the Asset Management industry. In this article, discussion focuses on the importance of data and communication within the Risk Management process, and the issues and experiences surrounding the implementation of risk system The first article, which focused upon the fundamental role of Risk within the Investment.
Risk Management: Building Blocks - Data, Approach and Implementation
Regulators, politicians, 'Too Big to Fail' Banks as well as some Hedge Fund managers have hard questions to answer. Even 'safe' Insurers have failed spectacularly. The questions posed here are whether systems delivering current risk management information are effective and how can they be improved?
DS: Following on from our first session where we discussed Risk within the Investment Management process and the concept of the Risk 'Toolbox' in aiding the decision making process; let's move onto discussing with regard to asset management institutions which Risk Management Systems and Techniques are appropriate. There are a large number of products covering different sets of asset classes with very different complexity and price tags. It is hard to answer this question generally but we can tease out the principles.
CS: The choice also depends on the investment process and the different stakeholders' requirements. It's all too easy to plunge into viewing competing risk management systems and seeing some awesome presentations and getting bogged down in the technicalities of each system. A good case in point is derivatives; several years ago few may have been used and the risk systems had manual workarounds for them. With increased volumes, both by number and size of instruments, it becomes important to review systems and the working practices surrounding them. It is good practice to review them every three years or whenever there is a significant change, such as the introduction of a new derivative type. Good change control helps but isn't the whole answer, as risk systems are also evolving and a different solution may be much better than patching the existing one. Process and Management
DS: That is a common problem we see. While engaging in this process, it is worthwhile looking at your processes to ensure that while you cover everything off, you don't look to simply replicate current methods in your post implementation environment. New systems may require some changes to the way you do things. Don't get too hung up on current process. A two phase approach often works better; gathering what business heads' know they like & dislike, the known gaps plus whatever knowledge there is about external products capabilities. Consultants, such as ISC, who have experience of other systems can add value here and produce a script for a few initial presentations. The key here is that these presentations should not be regarded as selection, more as education. The output of these initial meetings should boost the definition of the requirements, not only 'drop-dead' ones but also 'nice to have' ones. Also, this initial phase can flag up the softer and peripheral issues such as how candidate systems will interface with existing ones. Lastly, it should also help identify requirements outside vendors' systems capabilities that may require in-house development.
CS: Having a reliable Requirements Specification, whether it comes from a review and gap analysis or an explicit selection exercise, saves time and money. New requirements turning up, when the project is almost complete, are expensive. Potentially much more expensive are requirements not being identified or not being retrofitted adequately.
Communication and Governance
There is a conundrum, which is unintentionally often left on the asset managers' plate. The return target set is based upon well-behaved, stable assumptions about the behaviour of markets. As we have seen, so-called 'black swan' events occur very much more frequently than the assumptions that most financial theory is built upon imply.
Prior to the 1987 crash, markets might have seemed largely well behaved. After that, a Black Swan had been sighted. One now might be forgiven for wondering when we will see a white swan again! This is the elephant in the room; the models commonly used are wrong. Worse, we know so. With trepidation, I'd liken this to Galileo's observation that the Earth went around the Sun.
Those in power, found this to be an inconvenient truth. Their credibility and well-being depended upon it. But here and now we have false assumptions too:
- Returns in different periods are totally independent. Demonstrably they are not.
- Returns are distributed as per the bell shaped normal curve. Demonstrably they are not and are more extreme, especially negative ones.
- Volatility is constant. Demonstrably it is not.
It is really by ignoring these issues that we disable our ability to manage risk effectively and consistently for all stakeholders. The truth, inconsequential at one level, is not so in the extremities. What may be adequate for a diversified portfolio relative to a similar benchmark is far from so for a sponsor, consultant or fiduciary manager who has to bridge all the false assumptions.
We need to distinguish the 90% where the 'fair weather' assumptions roughly hold from the 10% where they uncomfortably don't. The dialogue between client/sponsor, consultant and investment manager can break down here. Agendas differ; fundamental asset managers have long-term processes; arbitrage managers short term horizons. Consultants advising on managers like to see them stick to their value added processes. Sponsors' Boards and Trustees meet monthly or quarterly. So who is at the wheel and empowered to turn to avoid the proverbial iceberg?
This really opens up the overarching question about the relation between Governance and Executive responsibility. It is the hot potato. Not just which risk systems are needed or best but how we interpret and respond to them. The 'Fire Emergency' plan needs to be fully fledged in advance. Do we stay in the room or how do we exit? Mixing my metaphors, but is it best to ride out the storm or liquidate hedge positions? The Investment process and structure of managers are important here too. It is all very well individual managers having good systems, but who has the overall picture?
DS: How risk numbers and these issues are communicated is crucial. Explaining risk in non-technical terms is not simple. Technically minded risk managers need to communicate with clarity yet without over-simplification. There is an ongoing need to demystify and educate. There are both dangers with trying to sum everything up in a single number or burying people in a sea of numbers. Putting the numbers into context is important. Is the VaR number higher or lower than historically? How much reliance can be placed on a 95% or 99% VaR number? If the risk model uses 3 months, 3 or 30 years of data to train the model, the answers are very different.
CS: Models based on 5 years history are obliterating their memory of the triggers of the Credit Crunch in 2007; three year models have forgotten the large losses in 2008/9. Very different models are needed for investigating the high risk, infrequent 'tail-end' events rather than day-by-day management of assets.
DS: 95% VaR only gives the smallest loss that has occurred in the worst 5% of events in the model. For a three-year model that equates to the best of the 13 worst events. cVaR, Conditional VaR, is the average of these 13 events. This doesn't even tell us the worst outcome in the last three years let alone the crises that you refer to over the last 25 years.
CS: You have highlighted a major reason why we need a toolbox approach with multiple tools, i.e. techniques and models. For the painful extremes, we need distributions derived from a long history to capture infrequent events. The relationships, or correlations between assets, are key here as they are very different from their overall averages. By contrast, for active day-today management, a model with recent correlations and current volatilities may be more helpful. Other 'tools' are needed to deal with new assets e.g. IPOs, options that have little or no history and need modelling or a proxy.
If we are not going to be totally constrained by history, we also need techniques that aren't just replaying historical returns. Stress Testing is one example. One could, for instance test the effect of the LIBOR spread changing. That is entirely valid; the trouble is that prior to 2007 no one could envisage it changing by more than a few basis points. The Credit Crunch showed otherwise. Monte Carlo simulation and Scenario Analysis can help here but there still is a need to push the assumptions beyond history.
Although the ultimate 'Black Swan' event cannot be predicted, we can learn to incorporate the inconvenient truths, the stretch assumptions and the intimation of new risks. Humans could not intervene as fast as the electronic trading systems that created the instabilities responsible for the 'Flash-Crash' and 'QuantQuake'. A grown-up risk management process needs to know how to react to these events and equally to 'Bubble' type events with protracted, unprecedented and extended valuations. That's a major topic by itself.
Data and systems
DS: Underlying all of this, of course is that we need a lot of data, systems and analysis. Clearly, everyone needs timely answers to these questions and on-going updates. Whether they get those answers inhouse, from a fiduciary manager, consultants or their managers depends on their circumstances and the complexity of their requirements.
CS: Yes, every asset manager has a big 'garbage in, garbage out' challenge to overcome. Data is at the centre of all analyses; a very small number of errors, wrong prices or unrecognised assets, will lead to very misleading results. Because risk systems rely on the relationships between assets, one error affects lots of assets and lots of factors. This also can make detecting the source hard too; the absence of one hedging asset can accentuate many other risks. Transactions based on false information are expensive!
DS: And it is not just the quality of the underlying data but how it is managed. Moving data in a timely fashion without compromising the quality is essential and to do this a robust infrastructure is a high priority. We have often seen a 'sticking plaster' approach where a firm is trying to manage their data without the proper investment in systems and data governance.
The latter point is important because it is not just the implementation of 'a system' but a whole process of managing the data with the appropriate resources and processes.
CS: Data management is sometimes left until last when it comes to the budget. It isn't a necessary evil but is simply essential if results are to be timely and accurate. Inaccurate results quickly undermine confidence; tracing errors and recalculating risk means results will not be timely. 'What-if' risk management then swiftly becomes 'so-what!' risk measurement.
DS: It's very clear that getting both data sources and processes right at the start is cheaper than patching it later and means better support for the investment process and risk management and fewer changes later. This brings it full circle then in terms of what we are probing and perhaps is an apt place to summarise some of the key points we have raised during our discussions.
CS: Indeed, let me try to do that. In our first discussion we covered:
- Risk management is integral to the investment process.
- Transparency. Understand the assumptions as well as the results.
- Limitations of all Risk management/measurement tools:
- They cannot predict the future (black swans)
- Each model/technique within your wider toolbox is fallible.
And, in this second discussion, opened up surrounding key issues without which risk management will fall short or fail:
- Reporting should reflect the risk management and the Investment process.
- Data management is key; otherwise it is 'rubbish in rubbish out'.
- Get the Governance right at both at the data and risk team levels.
- Invest in the appropriate systems, tools, processes and data.
CS: We both know that we have only here been able to scratch the surface of perhaps the major strategic topic for not only asset managers but also for all financial services companies.