Science in Finance VII: Risk Management — What is the Point?
Another day, another financial institution collapses.1 Bear Stearns, fifth largest US investment bank, has gone. I've worked closely with Bear brokerage in the past and quite enjoyed the experience. It's the prime brokerage that JP Morgan is presumably after. I'm a quant not an accountant so was surprised to see that Bear's assets were just 2-3% higher than their liabilities. If this is standard practice in this sector then crikey, we really are doomed! Who in their right mind would run a business that way? Sorry if I seem awfully naive, but as someone who has himself run a few businesses in his time, albeit on a somewhat smaller scale, to me this does seem highly irresponsible.
Investments (although that hardly feels like the right word) in mortgage-backed products and over-zealous lending combined with one particular scenario are at the bottom of this. This scenario is that of falling house prices. But isn't scenario analysis supposed to spot this sort of exposure? It's not as if falling property prices are totally unheard of. As those of you who have heard me lecture will know, I always like to boil things down to everyday experiences. And according to my experience there is a one in three chance of losing money in property! (Like most people with similar experiences it was the early 90s to 'blame' in my case.) And a one in three chance is not exactly the 10 standard deviation excuse du jour! It has been suggested that many bank employees are too young to have experienced negative equity and therefore it is off their radar, but if that is the case then what is the point of risk management at all? What is the point of all those risk management qualifications that are springing up like mushrooms? It has also been suggested that senior
'This essay was first written on 18 March 2008. people don't have a clue about the instruments that their bank is trading. So I really would like to know how they fill their days, whatever they are doing it is clearly not productive.
Are those in positions of responsibility at Bear Stearns blameless? Did senior management really think that their downside was tolerable, that Value at Risk and stress testing were giving an accurate picture of potential losses and their probabilities? Again we come back to that old problem, if there s no downside then irresponsible people will prosper at the expense of the rest of us. And it seems that only the irresponsible rise to positions of responsibility in this business. Ironic.
Or maybe they are so lawyered up as to feel invincible. I am sure there will be civil suits in some of these cases because you can guarantee that the lawyers will, as always, be the big winners. They are paid to ensure that your back is covered no matter how unethical your behaviour, and then they are paid again when you are inevitably sued.
On the subject of ethical behaviour, don't some of these risk management courses teach about ethics? Or does understanding ethics these days amount to knowing who are the best lawyers? Personally, if I know someone had to go on a course to learn business ethics then I would ask myself whether that's a person I can trust. A risk management qualification is just another preventative measure against being sued, just like the 'Mind the Step' signs in restaurants? What, you broke your leg? Not our fault, mate, didn't you see the sign? (I was disappointed to discover recently, but not surprised, that they've taken peanuts out of Revels chocolates. Some people suffer from allergies, and presumably can t read, so we all have to do without.)
Risk management must be consistent with protecting the wider interests of the institution rather than being easy to manipulate towards the narrow interests of some employees. At present the concept of risk management only exists to make it easier for people to take risks that common sense would suggest are stupid, but risks that people still want to take because of the huge upside for these same people in terms of bonus. Let's face it, that's what rules and regulations are for. As Madness said in Baggy Trousers, 'All I learnt at school was how to bend not break the rules.
I d now like to explain how I think risk management should work. It s a simple combination of standard practices that I have used very successfully in the past. It s not exactly earth shattering, but it shows how to focus your attention on what matters. I will also finish with a small proposal for how to approach scenario analysis.
Roughly speaking, I tend to think in terms of three different levels or classes of risk management. These are
Level 1: Probabilities and VaR Level 2: Worst-case scenarios
Level 3: Invasion by aliens, 'It's the end of the world as we know it, and I feel fine' (REM this time!)
Level 1: Typical day-to-day markets for which it is acceptable to work with probabilities and even possibly normal distributions. Correlations, while never exactly trustworthy, will not be a deciding factor in survival or collapse. Use probabilities and talk about Value at Risk by all means. This is really just classical mid 1990's risk management, with not too much worrying about fat tails. To some extent trust in a decent amount of diversification. The rationale behind this is simply that you never know what your parameters or distributions really are and so you are better off with simple calculations, more instruments and plenty of diversification. You may not make a profit but at least you won't be killed during a quiet day in the market.
Level 2: Situations which will cause your bank or hedge fund to collapse. Test your portfolio against a wide range of scenarios and see the results. But since these are situations resulting in the collapse of your institution you must never, ever talk about probabilities, except in terms of how many centuries before such events may happen. I would much prefer you work with worst-case scenarios (as in the very simple concept of CrashMetrics). I sometimes use the example of crossing the road. Imagine it's late, it's dark, and it's raining. If you cross the road there is a 5% chance of being hit by a bus and killed. That does not mean that tomorrow 95% of you goes to work! No, you assume the worst, because it is so bad, and cross the road elsewhere.
Certainly there is little role for Extreme Value Theory (EVT) in its fiddly, detailed sense. Consider these two statements about the same portfolio: 'According to Gaussian distributions the expected time to bank collapse is 1025 years' and 'According to EVT the expected time to bank collapse is 50 years.' The difference between these statements should only be of academic interest. Such a portfolio must be protected asap. Of course, many people would be happy with such a portfolio because 50 years is still longer than a trading career. Such people should not be in positions of responsibility. As I said above, 'risk management must be consistent with protecting the wider interests of the institution rather than being easy to manipulate towards the narrow interests of some employees.' To recap, if it's bad enough to cause bank/fund collapse you don't look at probabilities. Handle extreme events with worst-case scenario analysis.
Level 3: Scenarios which are so dire as to affect the world directly. I always use the example of invasion by aliens as an example, since there are whole bodies of literature and movies that have explored the effects of such an event, but we have little idea of the probability! If your hedge fund will collapse in the event of invasion by aliens, or drying up of oil supplies, or decimation of the world's population by bird flu, then I wouldn't necessarily change your portfolio! You'll have other things to worry about!
Finally, a small proposal. I would like to see risk management forced to engage in the following task, the reverse engineering of a bank collapse. Start with your current portfolio and imagine being called into the big boss's office to be told that the bank has lost $50 billion. Having put yourself in the frame of mind of having already lost this amount, now ask yourself what could have caused this to happen. As Einstein said: 'Imagination is more important than knowledge. This should be the mantra for those in risk management. There is always going to be something that will come as a surprise at the time but with hindsight you realize could have been expected (if not necessarily predicted). Once you have figured out what could have caused this loss then you ask about the likelihood of this happening. The result of that analysis then determines what you should do with the portfolio. If, for example, the answer is simply that a fall in property prices caused the loss then you must get out this very instant, before it actually happens. You see the idea, work backwards from the result, the loss, rather than pick (possibly convenient) scenarios and look at the effects. Then estimate the likelihood of the chain of events happening, and act accordingly. Going the other way is more open to abuse. Scenario testing is a beautiful concept, if one gets to choose the scenarios to test. And those of weak character will not, of course, test any scenario that might jeopardize a juicy trade.