Eclectic, issue 3, Winter 2000/2001

Strapline: Corporate Finance

Heading: Risk management tools and structures

Standfirst: Bankers have a duty to contribute to the development of risk management as a separate business discipline. MICHAEL VINCENT of Monash University, Australia, looks at some of the tools used by financial institutions - duration, value of risk, value at risk - and how the management of risk should be structured

Text: Have you wondered why the words "risk management" are heard so widely today? Have you considered what can be achieved with an understanding of the term? Indeed, is the term used or misused in today's banking community?

As Peter Bernstein showed in his history of risk, Against the Gods, risk became an acceptable term when the vast majority of people decided they could control their own future, and that God did not preordain every facet of human life. Thus began the struggle to identify and manage risk. Along the way risk has come to be many things to many people: from finance; to insurance; to occupational health and safety; to engineering tolerances; and all points in-between, this facet has led to considerable anguish in the financial world.

In the past, banks had the luxury of employing large numbers of people in middle management positions. These managers ensured the needs and wants of the organ izational design were met in all ways, sometimes subliminally. By having a large management structure that was used for checking and ensuring compliance, risk was contained and controlled in a simpler and more structured world.

The winds of change started to sweep the financial community in the late 1970s and continue to this day. Competitiveness, efficiency and productivity have become the by-words of today's business environment. Any country or business that ignores the pressures generated by the forces of change is only delaying the inevitable.

One of the more significant outcomes of the change process over the last decade is the virtual elimination of the middle management ranks that had grown to an enormous size since the end of the Second World War. Without middle management, how can a business be effectively controlled? That is the question that must be answered for financial institutions to survive and prosper into the future.

The development of risk management

Developed countries and business have made great leaps over the last decade but must continue to change and adapt for them to keep their regional advantage. They need to understand risk management and apply the principles of risk management. However, a new paradigm must be accepted and adopted. Bankers have a duty to contribute to the development of risk management as a recognized and separate business discipline that enables a financial institution to chart its future in an effective and orderly way.

Banking has become much more systematic than in the past. As today's larger banking groups aim for shareholder value, they are trying to unlock value by massive restructuring. One of the offshoots of the process is the increased risk and volatility of the system. Banks face a wide variety of risks in the day-to-day operation of their business, not including staffing and physical issues. Chief among these are:

_Interest rate risk.

_Credit risk.

_Market risk.

_Foreign exchange risk.

_Liquidity risk.

_Solvency risk.

Duration and other risk management tools

Interest rate risk is currently the main risk, although as the mix of banking changes so will the degree of order of the risks. Interest rate risk is the risk of adverse price movements of a security due to changes in interest rates. Duration, a tool to measure the exposure, is a gauge of a security's exposure to interest rate risk. It measures the time flow of cash from a security.

In other words, duration is the effective maturity of a security because it can account for the interim cash flows. Traditionally duration as a risk management tool has focused on bond portfolios but financial institutions are casting a wide net for risk management tools. Duration, value at risk, liquidity at risk and the recognition of the value of risk are various techniques for recognition of the risk profile of a bank's balance sheet.

In recent years, risk has become a vital issue for financial institutions management; its successful identification and mitigation will more and more separate the market leaders from the also-rans. In the context of financial institutions, risk is defined as "the adverse impact on profitability of several distinct sources of uncertainty".

Duration is an instrument to measure interest rate risk. Frederick Macaulay first developed it in 1938, when it was seen as a better way to summarize the timing of bond flows than the measure of term to maturity. Duration relates the percentage price change of a security to a single property of the income stream. Today, duration is widely applied to the asset and liability scenarios of financial institutions. Effectively it is seen as an alternative to gap management (the monitoring of interest rate sensitivities and maturities of assets and liabilities.)

Comparing the balance sheets of various international banks, assets in general have a duration much longer than the average liabilities. Accordingly, long terms asset are financed by short term liabilities. This is due to the inherent characteristics of individual securities; that is, the predominant assets are loans and mortgages, which have long durations.

On the other side of the balance sheet the majority of liabilities are comparatively short term. This can be an advantage in a falling interest rate environment. However, if interest rates rise the market value tends to decrease, and financial institutions are exposed to volatility in a way that can lead to large accumulated losses. We are in an environment of upward moving rates in the western world with some saying they have peaked, but I believe we have at least another year before the pressure is off.

The lesson is, if financial institutions have a certain idea of the direction of movements in interest rates, they can apply duration strategies to optimize the asset and liability portfolios according to the expected changes.

Value at risk and value of risk

There is a large and varied discussion revolving around the application of value at risk (VaR) that is worth summarizing here. The point to note, though, is that very little time or thought has gone into the value of risk. We are very busy placing a negative thrust to the management of risk and applying methods to manage or minimize the perceived risks but few are looking at the positive side of the equation. In banking terms we must see a traditional full service bank as a risk attacker.

The perception in the community is that banks are safe and secure. This is simply not so. A successful bank is one which accepts corporate risks, off-lays and/or manages them for a profit. Therefore, a bank must accept the principle of the value of risk and apply that principle through its risk management process. This process may involve analysis of value at risk, economic value added, liquidity at risk or some other model depending on the methodology used by the individual bank.

In this article I am purposely avoiding the use of formulae or graphs and relying on words to simplify an often over complicated issue. Risk is about the degree of uncertainty surrounding future earnings. Uncertainty becomes the central theme of the equation and risk is extended by type and severity. The concept of VaR is central to effective risk management. Value at Risk is a measure of the maximum potential change in the value of a portfolio of a financial institution's instruments with a set probability over a pre-set time horizon.

Finance theory strives to measure risk and its impact on financial institutions. Securitization has been the driving force in the need to understand the volatility of the portfolio under management and the consequent impact on the health of the bank or institutional balance sheet. The main advantages of VaR as a management measurement tool are that it:

_    Utilizes a short forecast horizon of market variables, and

_    Uniformly adopts mark to market.

VaR requires the institution to have all positions marked to market and future volatility and variability values estimated. In other words, VaR is simply part of a suite of risk management methods. The real value of VaR is that it aggregates several components of market risk into a single understood number by examination and analysis of:

      __Normal market conditions.

      __Specified time horizon.

      __Probability of event occurrence.

      __Measure unit applicable.

In practice there are different models, with wide and differing assumptions and different methods of calculation that produce a wide variety of results. In practice one must define the application and methodology and ensure a wide understanding of the method so that the results cannot be skewed by a lack of understanding. Some of the limitations of the practice are that it:

__Concentrates on a single and at times arbitrary point.

__Must be recognized as a statistical measure, that needs interpolation.

__Difficult to apply the concept of uncertainty, such as difficult market conditions.

In calculating VaR, four broad and three underlying approaches or methods can be identified.

Broad approaches to VaR

1.Historical

_Define and list market factors.

_Collect values for period.

_Calculate the change from period to period.

_Create a selection of alternative values by analysis of current values of observed changes over time.

_Select current or present value over alternative selections

_Sort from highest to lowest

_VaR is then calculated utilizing the desired confidence interval.

2. Hybrid

_The most recent return assign a weighting.

_List in ascending order.

_Use linear interpolation - start from the lowest.

_Combine approaches.

3.Simulation

_Sort instruments in order of complexity by market factors or factor.

_Collect information for a given portfolio period.

_Smooth out period by period.

_Obtain the portfolio distribution.

_From above VaR is able to be calculated.

4.Cash methodology

_Can be earnings at risk, solvency at risk or the most popular cash flow at risk. Many methods of calculation.

Underlying approaches

1. Closed form value at risk

_Used for simple portfolios.

_Also called parametric or delta-normal.

_It assumes that the portfolio is normally distributed and will behave linearly with applicable risk factors.

_Calculations based on volatilities and correlations of applicable risk factors.

_Can be used for portfolios like spot or forward foreign exchange positions or short term debt instruments.

_Will not work in portfolios that contain options, structured notes or mortgage-backed securities.

2. Delta-Gamma value at risk

_Utilize quadratic assumptions instead of linearity assumptions.

_This will incorporate second order sensitivities into the equation. this enables the model to be more complex and creates applicability for a wider range of portfolio application.

_Again not fully applicable to options or exotic derivatives.

3.Monte Carlo value at risk

_For use in complex portfolios.

_Will produce constant precise results for portfolios that have a significant gamma or convexity.

We can now define VaR a little more precisely. A good definition was proposed by Beckstrom and Campbell in Introduction to VAR: "VAR is the expected minimum loss in currency units over some time interval for some level of probability selected by the portfolio manager. The questions that need to be asked are: 1. How much money might we lose? 2. Over what period? 3. What is our confidence level or probability of event occurrence?"

In a financial institution the mere identification of VaR may not be a full measure as it may only identify the value of various portfolios in isolation utilizing differing methods of calculation. Banks need to identify risk and exposure for credit or portfolio, liquidity or operational and then allocate capital accordingly. VaR can be translated to CAR, or capital at risk, and this measure can give a tolerance level for loss at a given level of risk. This identified level then can be classed as the default probability of the financial institution.

From an industry viewpoint VaR supports the principles of the Basle Committee and sophisticated versions have been developed to support the application throughout the industry. In Europe the European Parliament and Council of the European Union have laid down directives, known as Capital Adequacy Directives and its descendants, in the recent set or provisions on accurate internal systems for daily risk control and appropriate measures for trading limits. The regulations require that financial institutions must comply with EU directives. VaR and its derivatives have the ability to comply.

Risk needs to be identified, quantified, mitigated or controlled; VaR and its derivatives are tools to achieve business measurement and objectives. However, any business and especially the financial sector needs to move forward and create an environment for change management and to strive for better methods of risk management and value creation.

Risk management structures in financial institutions

Risk is moving up the corporate agenda because of compliance issues. The management of banking risks is a matter of judgment and perspective; different stakeholders in a business see the approach to risk and its management differently. Risk and its management must be seen as a positive for a financial institution as confidence is all encompassing and the downside is failure. Too often, though, we tend to dwell on the negatives and at times therefore missed opportunities abound. This is particularly true of banks that as a group at times tend to adopt the lemming principle. Successful banks of the future will carve out market niches and structures that will facilitate success and enable them to ride the waves of business fortune.

Banks are experimenting with different structures and one Australian bank and several UK banks have redesigned their structures to manage risk in all its variants under one command structure. This means that many diverse tactical elements of risk are housed under the one administrative umbrella with a clear path to the board via its own senior management.

What are the components of business risk that need to be structurally addressed?

1.Strategic - the risk of planning failure

_Poor marketing strategy.

_Poor acquisition strategy.

_Unexpected changes in consumer behaviour.

_Political and regulatory change.

(Note to design: line space here)

2.Financial - the risk of financial controls failing

_Treasury risks.

_Lack of counterparty and credit assessment.

_Fraud and its control.

_Systemic failure.

_Poor receivables and inventory management.

(Note to design: line space here)

3.Operational - risk of human error, either willful or by omission

_System mistakes.

_Unsafe practices.

_Employee routines.

_Willful destruction.

_Fraud.

(Note to design: line space here)

4.Commercial - risk of business interruption

_Loss of key personnel.

_Supplier failure.

_Legal issues and compliance.

(Note to design: line space here)

5.Technical - risk of physical assets failing

_Equipment failure.

_Infrastructure breakdown.

_Fire and physical impact.

_Explosion and/or sabotage.

_Pollution.

_Natural events.

(Note to design: line space here)

The three "Rs"

In the above scenario financial risk is seen as a component of business risk and not business risk management. How can the above points be overlaid in such a way as to add value to the financial institution? We are very well drilled as an industry in the risk and return scenario and if we pay attention to the above aspects we can develop a third "R", Regret. The three Rs are therefore:

a.Risk - the level of acceptable exposure in order to create shareholder value.

b.Return - the level of shareholder value created in line with the level of risk accepted.

c.Regret - the level to which a decision for a given return will be regretted in the future if the worst-case scenario comes to pass.

Risk and return are the traditional measures of value creation and can be graphically illustrated in dollar and percentage terms readily by today's computer environment. However, regret is the additional level of analysis required to link business risk analysis with financial risk measurement. This level of regret can fundamentally change the way in which a financial institution reaches its decision of risk and return, and how it is implemented within the entity.

Capital is a scarce resource and the finance community is always looking for smarter ways in which to invest those resources to create greater shareholder value and ensure survival and growth. Banks that fail to develop measures to manage risk will fall by the wayside and be replaced with smarter institutions that can quantify exposure and manage risk for profit; in other words, accept that they are risk takers and manage accordingly. Regret as a decision tool, along with integrated risk management, consisting of VaR, CAR, liquidity at risk and economic added value in my opinion will over time fundamentally change the approach to the definition of bank management and its need to add value to its shareholders.

As Kevin Dowd said in his introduction to Beyond Value at Risk - the new science of risk management: "Everything changes and changes can be good or bad for those affected by them. Change therefore leads to risk, the prospect of gain or loss and risk (or more precisely, the risk of loss) is something that we must all come to terms with. Coming to terms with risk does not mean eliminating it from our lives, which is clearly impossible; nor does it mean that we should have done nothing about it. It means that we must manage risk: we must decide what risks to avoid and how we can avoid them; what risks to accept and on what terms to accept them; what new risks to take on and so on."

Most banks tend to punish risk taking by individuals because senior management do not accept the premise that banks are, in fact, risk takers. A successful bank of the future will be a bank that understands business risk and its customers and can accept a level of risk for an acceptable level of return rather than accepting simply a level of return on any given portfolio. VaR and its derivatives is potentially an important weapon in a financial institutions armoury of survival. Banks need to accept the principle of Risk, Return and Regret. It is the regret factor that will ensure long-term survival.

____________________________________________________________

Michael Vincent is Director, Australasian Risk Management Unit, Faculty of Business and Economics, Monash University, Victoria, New South Wales, Australia

Author's recommended reading

(Query to author: Please can you add the missing details to the following books which you referred to in the article. Are there any other books you would like to recommend? If so,please give author's name, title, publisher, place of publication and year of publishing.)

Beckstrom and Campbell, Introduction to VAR,(Please add name of Publisher, City, Year.

Bernstein P, Against the Gods, (please add name of Publisher, City, Year).

Dowd K, Beyond Value at Risk -The New Science of Risk Management (please add name of publisher, City, Year)