Fork me on GitHub
Module 26: Risk Optimization and Risk Responses

Module Objective

Discuss the application of risk management control cycle including the relevance of external influences and emerging risk

Describe risk optimization and responses to risk

  • How to optimize an objective, possibly subject to constraints

  • Risk optimization and responses to risk using illustrative examples

Recommend approaches which balance benefits against inherent costs, that can be used to manage an org’s overall risk profile

  • How to reduce risk by transferring it

  • How to reduce risk without transferring it

  • Understand the importance of residual risks and new risks arising following risk mitigation actions

  • Understand how an org’s ability to manage risk is affect by regulatory, capacity and cost constraints


After analyzing and assessing risks, the next stage of the cycle is to decide how to deal with them

  • This module discuss general risk responses, including optimization and constraints

Sec 1 is an overview of the aims of risk control and notes that selecting ERM responses bears similarities to the active management of a bond or equity portfolio

Sec 2 consider active portfolio management and what lessons are applicable to ERM

Sec 3 consider the possible responses to risks (reduce, removal, transfer, retain)

Sec 4 looks at alternative risk transfer which combine features of derivatives and insurance and offer innovative ways to transfer risk

Risk Control

Risk management can optimize the risk/return profile of the organization by:

  1. Support selective growth of the business

    • Establish process for assessing new opportunities

      (incl. assessment of risk adjusted return)

    • Allocate capital and other resources to BUs or activities with high risk-adjusted return

  2. Support profitability through risk-adjusted pricing

    • Prices should reflect the cost of risk (capital)

      (In addition to funding costs and operational expenses)

    • NPV and EVA do not fully reflect the cost of risk if it is based on book values of capital

  3. Use limit setting to control the size and probability of potential losses

    1. Set basic exposure limits:

      Provide absolute limits on exposure

    2. Set stop loss limits:

      Limits on actual losses, which if reached will trigger management action

    3. Set sensitivity limits:

      Keep potential losses from potential extreme events within acceptable bounds (avoid excessive concentration of risk)

  4. Employ techniques to manage existing risks

    1. Active portfolio management:

      Manage the company’s portfolio of activities where each has their own risk/return characteristics

    2. Reduce risk:

      e.g. duration matching to reduce interest rate risk

    3. Transfer risk to a 3rd party:

      e.g. with insurance or derivatives

    Active portfolio management and risk reduction strategy are often used in preference over risk transfer as they are usually more cost effective and longer term solutions

    Risk transfer tend to be quicker and easier to implement

Portfolio Management Techniques and ERM

Recall from Module 4 Section “Internal Risk Framework Components”:

  • Portfolio managment is one of the 7 major components of the ERM framework

Fundamental Concepts of Portfolio Management

Objective of RM is to optimize the balance between risk and return

  • Optimatlity is judged by reference to risk appetite

  • RM is not simply minimizing risk

5 fundamental concepts in the management of a portfolio of risks

  1. Risk:

    Typically expressed as the \(\sigma\) of returns

  2. Reward:

    Usually expressed as the expected return on investment

  3. Diversification:

    Reduce overall risk by investing in many different projects or assets whose returns are not perfectly correlated

  4. Leverage:

    Borrow money and investing it

    \(\hookrightarrow\) increase the potential risk and return profile of the overall portfolio

  5. Hedging:

    Entering into an agreement which reduces risk, usually because the position taken is negatively correlated with the org’s existing position

Risk-return Measures

ROA or ROE fail to reflect the risk taken to achieve the return

Risk-adjusted return on capital (RAROC):

\(RAROC = \dfrac{\text{risk-adjusted return}}{\text{capital}}\)

  • Can be calculated for an institution as a whole or for each separate activities

  • Can be based on actual or expected return and capital

Sharpe ratio:

\(SR = \dfrac{R_p -r_f}{\sigma_p}\)

  • Commonly used in the assessment of investment managers, compare those who have taken different level of risk

  • Measures the out-performance (in XS of risk free return) compared to the riskiness of the portfolio (\(\sigma_p\) volatility)

Return on risk-adjusted assets (RORAA):

\(RORAA = \dfrac{\text{net income}}{\text{risk-adjusted assets}}\)

Risk-adjusted return on assets (RAROA):

\(RAROA = \dfrac{\text{risk-adjusted return}}{\text{assets}}\)

Return on risk-adjusted capital (RORAC):

\(RORAC = \dfrac{\text{net income}}{\text{capital}}\) or \(\dfrac{\text{net income}}{VaR}\)

Risk adjusted return on risk-adjusted assets (RARORA):

\(RARORA = \dfrac{\text{risk-adjusted return}}{\text{risk-adjusted assets}}\)

Risk Optimzation

Orgs need to adopt a risk optimization strategy which can aligned to stakeholder expectations

  • e.g. powerful segments may exist who are unwilling to accept any degree of risk exposure

Remember the BoD should aim to maximize s/h value

  • Vital to remember that risk presents both upside and downside and it is the balance of risk against reward that drives optimization strategy

2 types of risk

  1. Specific risk:

Risk particular to a company, which can be diversify away

  1. Systematic risk:

Risk of being in the market, can not be diversified away

Total Variance of a Portfolio of Equally Weighted Assets

\(\sigma^2_p = \underbrace{\overbrace{\dfrac{\bar{\sigma}^2}{n}}^{\lim \limits_{n \rightarrow \infty} \rightarrow 0}}_{\text{Firm Risk}} + \underbrace{\dfrac{n-1}{n}\bar{\operatorname{Cov}}}_{\text{Systematic Risk}}\)

  • Systematic risk remains even as \(n \rightarrow \infty\)

  • Formula assumes each of the \(n\) securities have the same \(\sigma\) and \(\bar{\operatorname{Cov}}\) with each other

  • For a diversified portfolio the contribution to portfolio risk will only depends on the covariance of the security’s return with other securities

Method based on MVPT

  • Consider the company to be a collection of projects with their own risk/return profile

  • Then we can apply mean-variance portfolio theory to locate the efficient frontier for all available projects

  • And determine the optimal mix of projects that leads to the highest level of return given the risk appetite of the org

The MVPT can be extended to any portfolio of risks through consideration of the potential rewards arising from the adoption of any of the wide range of different risk management strategies available

  • The optimization exercise should be carried out in relation to the characteristics of the portfolio and the risk appetite of the organization

Portfolio Mean and Variance

Portfolio expected return: \(\mu = \sum \limits_{i} w_i \mu_i\)

  • \(\mu_i\): expected return on asset \(i\)

  • \(w_i\): proportion invested in asset \(i\)

Portfolio variance: \(\sigma^2 = \sum \limits_m \sum \limits_n w_m w_n C_{mn}\)

  • \(C_{mn} = \rho_{mn} \sigma_m \sigma_n\) is the covariance of the returns on securities \(m\) and \(n\)

For 2 assets \(A\) and \(B\)

\(\mu = w_A \mu_a + w_B \mu_B\)

\(\sigma^2 = w_A^2 \sigma_A^2 + w_B^2 \sigma_B^2 + 2 w_A w_B C_{AB}\)

Minimum variance:

\(w_A = \dfrac{\sigma_B^2 - C_{AB}}{\sigma_A^2 + \sigma_B^2 - 2 C_{AB}}\)

Separation Theorem

Portfolios with the highest return for a given level of risk are said to be on the efficient frontier

\(\alpha\) will be invested in 2 risky assets \(U\) and \(V\) and \(1 - \alpha\) will be invested in a risk free asset

  • If \(0 < \alpha < 1\):

    Positive exposure to the risk free asset which does not add to the overall risk of the portfolio

  • If \(\alpha >1\):

    Negative exposure;

    Borrow money at risk free or (\(r_F'\) with a premium to risk free) and invest in risky asset

Assuming all investors have the same view of risk and return and behave rationally

\(\therefore\) Security prices should result in equilibrium such that the expected return on any efficient portfolio is a linear function of its \(\sigma\)

The resulting set of possible efficient portfolios are shown as the boded line below:

The fact that the optimal risky portfolio can be determined without any of the investor’s risk appetite accounted for is known as the separation theorem

In order to determine where on the boded line the investor will invest, we need to know the investors risk appetite (or utility function)

Benefits of Portfolio Management in ERM

4 reasons portfolio management is useful in ERM and how it aid optimization of risk/reward

  1. Encourages companies to unbundle the business into its component projects

    • Enables management to decide separately how to treat each project

      (e.g. retain, increase/decrease, or transfer risk)

    • May encourage companies to think about where they add value or can best compete

      (Focus on that risk area by transferring other risks to those who can manage them more efficiently)

  2. Provides a mechanism for aggregating risks across the org

    • Useful for more transparent reporting and information purposes

    • Enables transfer of some or all of these risks to a central team

      (Allows specialist team to hedge or otherwise manage the risk)

      (Can also assess the risk-adjusted profitability if the BU was charged a price to transfer the risk to CRF)

  3. Provides a framework in which risk concentration limit and asset allocation targets can be set

    • The two above operate together to achieve the org’s desired risk/return profile

    • Risk concentration limit impose a minimum level of diversification for the portfolio

    • Asset allocation targets ensure most emphasis or resource is allocated to the more promising opportunities/projects

  4. Influences investment, transfer pricing and capital allocation decisions

    • Org can vary the price it charges a BU to transfer a particular risk to the CRF

      \(\hookrightarrow\) Influencing that unit to expand or contract in that area

    • Having identified the risk/return characteristics of the org’s projects, management can allocate most capital to those expected to deliver the highest risk-adjusted return

    • Market value of an org is influenced not only by the products it is selling now, but the products that are in the pipeline (they represent options owned by the org)

    • MVPT highlights the importance of diversification as a means of reducing risk without necessarily reducing expected return

      \(\therefore\) MVPT encourages orgs to invest in their pipeline products as well as a range of products that are currently generating revenue

Does Portfolio Management Really Add Value?

Some argues that passive management (index tracking) is more sensible as there is little evidence that active management results in higher sustainable risk-adjusted returns in practice

However, when managing an organization’s portfolio of risk, there is no appropriate index to track \(\Rightarrow\) It’s not an option

It is sensible to use tools such as risk concentration limits and asset allocation targets and to apply the principles of MVPT in an attempt to determine the mix of projects that sits on the efficient frontier

(take a look at Lam’s example from 105-107 to make sure the concept is understood)

Risk Responses

Developing a Response to Each Risk

Key types of responses to risk are:

  1. Avoidance (risk removal)

  2. Acceptance (risk retention)

  3. Transfer (risk transfer)

  4. Management (risk reduction w/o transfer)

4 steps process to developing risk responses:

  1. Conduct research about possible responses and their costs

  2. Determine a response for each risk, ensuring a deadline for implementation is specified

  3. Assign a risk manager who is responsible for ensuring the response is implemented

  4. Consider whether secondary risks (risks arising as a result of the response) might emerge and what the residual risks are

Key features of a good risk response

  • Economical:

    Cost of implementation \(\ngtr\) the reduction in risk

    (however low freq/high sev risk may have low expected value but the impact could be catastrophic if realized)

  • Well matched to the risk:

    Avoid basis risk

  • Simple:

    Avoid mistakes in executing the response

  • Active:

    Should instigate action not just simply inform

  • Flexible and dynamic:

    React to changing circumstances

The response chosen is necessary to :

  • Allows for the cost of risk when pricing

  • Optimize risk-adjusted performance through appropriate resource allocation

Risk Transfer

Risk transfer = reassigning risk = deflecting risk

  • Involve passing the risk to another org or another part of the same org

Ways in which risks can be reduced through transfer:

  1. Insurance / Reinsurance / Co-insurance

    Provides capital if an event occurs (contingent capital) in return for a premium

  2. Sharing the risk with a policyholder via product design

    Common form of risk transfer within insurance is policy XS or co-payment, which returns some of the risk to the policyholder

  3. Securitization:

    Packaging risk into a marketable investment

  4. Purchase of some forms of derivative

  5. Alternative risk transfer (ART):

    Combine features of derivatives and insurance

  6. Outsourcing

Factors to consider on risk transfer

  1. Must be based on good mutual understanding of each of the parties’ objectives

  2. Must recognize the ability of the party assuming the risk to take action and understand the context of the risk

  3. Cost effectiveness

    Cost is typically over and above the expected loss

    • Cost includes the price that the assuming party requires in order to accept the risk
  4. When risk are transferred, the upside potential may also be removed as well

Counterparty Risk (Secondary risk)

  1. Risk transfer introduces counterparty risk as it involves a 3rd party

Effectiveness

  1. There may be regulatory restrictions that reduce the effectiveness of risk transfer

    (e.g. maximum permissible amount that can be transferred to a single counterparty)

    (e.g. permitted reduction in regulatory capital may be capped for some forms of transfer)

  2. The effectiveness of transfer might also be limited by the capacity of the market to which it is being transferred

    (e.g. there may be no appetite in the reinsurance market to accept significant quantities of longevity risk on immediate annuities)

ERM can aid the risk transfer process:

  • Providing a framework in which:

    • An org’s net exposure to each type of risk can be assessed and diversification of risk can be recongized, so avoiding the cost of over hedging

    • Cost of different risk transfer strategies can be assessed

  • Helping to establish consistent risk transfer policies across an org.

Risk Reduction without Transfer

Risk reduction without transfer = risk management = risk treatment = risk mitigation

Generally risk may be reduced by reducing the likelihood or impact

Ways to reduce risk without transfer:

  1. Diversify overall risk by taking on uncorrelated risks

    (e.g. across types of products sold, socio economic status, geographic spread, investment asset types/sector)

  2. Reduce random fluctuation by increasing the size of a portfolio

  3. Some risks can be partially hedge by taking on risks with the opposite characteristics to those held

    (e.g. selling both insurance produces with mortality risk and longevity risk)

    • Important to understand the effectiveness of the hedge
  4. Greater asset liability matching

  5. Reduce op-risk through implementation of strong internal controls and governance

  6. Reduce underwriting and pricing risks through:

    1. Robust underwriting practices

    2. Intelligent data analysis using appropriate homogeneous groupings

    3. Taking into account both past and likely future trends

  7. Credit and counterparty risks can be reduced through:

    1. Robust due diligence practices

    2. Ensuring the agreements are tightly worded

  8. Reduce agency risk through:

    • Use of intelligent remuneration and bonus systems that align better the interest of different stakeholders
  9. Overall solvency or wind-up risk is reduced through:

    • Increased capital or funding

There will be implementation cost and reduced potential for upside for most methods (more in module 27 and 29)

Risk Removal

Possible to get rid of risk entirely

  • For op-risk, this is often easiest and cheapest to do in the planning phase of a project

Overall amount of risk taken on by a company can be reduced by avoidance, such as :

  • Writing fewer “high risk” products

  • Investing in a lower proportion in “high risk” assets

Factors to consider for risk removal

  1. Cost of removing the risk

  2. Impact of removing the risk on the likelihood of the project meeting its original objective

    (i.e. Does it hurt your chance of meeting your original goals?)

  3. Whether any opportunities will be lost as a result of removing the risk

Risk Retention

Risk retention = absorbing risk = accepting risk = tolerating risk

Day to day risk are usually more profitable to retain

Organization may retain risk if:

  • Risk is a component of its core business

  • Most economical approach

    (e.g. expensive to document and settle relatively small losses)

  • No alternative

    (e.g. no one to transfer the risk to at an acceptable cost)

Residual Risk

3 circumstances that give rise to residual risk

  1. Conscious decision was made to retain them

  2. Result of a risk response action

    (i.e. secondary risk like counterparty risk)

  3. Result from an imperfect hedge

    (i.e. basis risk)

Important to identify residual risk in the risk planning stage

For remaining residual risk that cannot be insured against or hedge, risk capital should be held in order to mitigate their impact

Alternative Risk Transfer (ART)

Summary of ART Products

ART:

Non-traditional risk transfer product which often combine features of both insurance and derivatives

2 broad categories:

  1. Vehicles based on capital market instruments1

  2. Other unconventional vehicles2 used to cover conventional risks

    (e.g. non capital market risk transfer)

In order to develop and offer ART products to be used by 3rd parties an organization needs to be able to:

  • Quantify risk in terms of both likelihood of occurrence and size

  • Package, underwrite and sell securities

  • Also need to hold capital if the org retain any of the risk itself

Advantages of ART

  1. Improved organizational focus

    • Enable companies to transfer risk to another party, helping them to focus on their core business and maximize capital efficiency
  2. Customiztion and timing

    • Typically customized to the org, enabling it to obtain the level and nature of cover it wants

    • Some can provide capital faster (e.g. cat-e-puts) than more traditional approaches (e.g. right issues) and at the precise time that it is most needed

  3. Cost reduction and simplified admin

    • Multi-line policy generally cost less (than à la carte)

      As any natural hedges or lack of correlations can be recognized in pricing

    • Multi-line policies reduce number of separate policies

      \(\hookrightarrow\) reducing admin cost

    • Tax efficient methods can be employed

      (e.g. offshore captives)

    • Pooling of risks can lead to cost savings due to diversification

      (e.g. risk retention groups)

  4. Earnings stability

    • Can cover multiple types of risk for extended period of time

      \(\therefore\) enable an org to smooth earnings more easily than through a series of 1-yr contracts

  5. Marking-to-market

    • Capital market risk transfer establishes a market based price for the risks being transferred

Problems with ART

ART is relatively new (started in 1970s) and a rapidly developing area

Problems include:

  1. Higher initial costs than conventional products

  2. Products are more complex than conventional products

    \(\hookrightarrow\) Increasing the time and cost of developing a solution for an org

  3. An org may need to change the way it assesses and manages risk in order to gain maximum benefit from ART

  4. Staff need to be educated about ART so they can

    • Understand the product3

    • Assess any seller4 of ART products

    • Appreciate the impact of regulations and accounting standards

Future of ART

Potential drivers for increased use of ART in the future

  1. Conventional insurance becomes more expensive (cost savings offered by multi-line policies)

  2. ERM becomes more widespread

    Orgs that integrate their risk assessment and management across the org are likely to appreciate integrated risk transfer mechanisms

  3. It becomes widely recognized that companies should focus more on their core business and eliminate or transfer other risks


  1. Vechicles based on instruments from the capital markets

    • Insurance linkes bonds:

      Bonds whose interest and/or principle are wholly or partially forfeit if a specified event occurs

      Most popular way of transferring nat cat risk from reinsurers to the capital marekts

    • Securitization:

      Process of packaging risks into debt or equity instruments that can be traded in financial markets

    • Cat-E-Puts:

      Catastrophe Equity Put Options allowing a company to issue and sell equity at a predetermined price in the event of a specified cat event

    • Contingent Surplus Notes:

      Notes providing access to capital to their holders in the event of a loss event

    • Credit Default Swap:

      Derivatives under which the buyer pays premiums to the seller, whoe makes a payment to the buyer in the event of a credit default

    • Weather Derivatives:

      Policies triggered by specified meteorological events of predetermined magnitude

  2. Unconventional vehicles used to cover conventional risks

    • Self-Insured Retentions (SIR):

      Retentions of capital set aside for use under negative contingencies

    • Risk Retention Group (RRG):

      Self-insurance capital pooled by a number of small-to-medium sized companies

    • Captives:

      Subsidiary companies set up solely to insure the parent company

      These are often located offshore to exploit tax advantages

    • Rent-a-Captives:

      Captives shared among several medium-sized companies

      Funds are managed centrally

    • Earnings Protection:

      Policies triggered by a specified earnings shortfall within a given financial period

    • Finite Insurance:

      Insurance policies extended over a multi-year time period in order to smooth profit and loss

      This kind of insurance often involves very little risk transfer, but has the effect of reducing capital requirements and/or taxes

    • Integrated risk and multi-trigger policies:

      Policies covering a basket of different risks, some of which are not conventional insurance risks

      Sometimes called insuratization

    • Multi-Trigger Policies:

      Policies triggered only if a number of different specified events occur within a given timeframe

    • Multi-Year, Multi-Line Policies:

      Policies covering a basket of different risks, spread out over a specified number of years

  3. Understanding the product

    Questions purchaser should ask:

    1. How does the product work?

      • How are the triggers determined?

      • What would the payoff be, in a range of scenarios?

    2. Have similar products been purchased in the past?

      • How were they price?

      • Are the purchasers satisfied?

    3. What is the impact of the prodcut on the organization’s economic capital requirements?

    4. Could the same cover be provided through conventional prodcuts?

      • If so, how does the cost compare?

      • Does one approach offer tax or regulatory advantages?

  4. Assessing the seller

    Question purchaser should ask:

    1. Has the seller much experience of ART deals?

      • If so, were the deals similar to the deal proposed now?

      • How have the previous deals performed?

    2. Are any previous puchasers willing to provide reference

    3. If the organization has not done ART deals in the past, does it have the requisite skills?

    4. How does the seller measure and assess risk?

      • What models and methods does it use?

      • Does it outsource the risk management? If so, how reliable the organization offering the measurement service?

    5. Does the seller have sufficient capital and/or reinsurance to meet potential claims?

      • Likewise, do the reinsurers have sufficient capital?