For most firms risk management is a necessary evil, increasingly consigned to being an adjunct to compliance, finance and other so-called “business prevention” functions. Non-financial firms traditionally address risk through a series of transfer mechanisms, such as insurance or self-funded vehicles, or they merely absorb unforeseen losses with their earnings. The financial sector, on the other hand, applies sophisticated statistical methods in a form of speculative risk management that captures the upside and the downside of risk-taking. These approaches are used to calculate value at risk (VaR), regulatory capital and other internal and external risk measures. Many of these methods, however, are based on backward-looking book values and a permissive “fox watching the chicken coop” environment, wherein financial institutions often develop their own internal risk metrics with loose guidance from regulators.
The frequency of potentially preventable losses, along with the calamitous effects of black swans, suggests that quants not only need qualitative tools in their arsenal, they need structural alternatives to one-dimensional risk management. This one-dimensional structure often misses the mark and can suffer from confirmation bias, in that centralized risk managers who look for trouble may in fact find it by chasing misleading risk signals. JP Morgan, long considered a best practitioner in banking risk management, missed the London Whale’s transgressions, despite some fairly obvious warning signs [1]. Under the first dimension, even though many firms like JP Morgan install ‘native’ Chief Risk Officers (CROs) in their business lines, these individuals are often marginalized and kept on a need-to-know basis. This has the placebo effect of creating a false sense of comfort that risks are being managed, when in reality excessive risk-taking behavior is often carried out in the CRO’s line of sight. The latency and backward orientation of traditional risk measures often negate proactive controls, and when the smoke begins to rise, it is often too late.
One-dimensional risk management follows a hierarchical command and control structure. This not only creates isolation, compounded by the vast remoteness of global firms; in most cases, CROs also report directly to the excessively optimistic CEOs they are supposed to manage. This was the case with JP Morgan, as Jamie Dimon, JP Morgan’s all-powerful Chairman and CEO, pushed the boundaries of the firm’s internal hedging activities carried out by its Chief Investment Office (CIO). For a one-dimensional approach to be effective, studies have found that the one variable firms cannot compromise on is to have an independent board-level risk management regime [2]. In cases where CROs report directly to the CEO and not the board, “paycheck persuasion” is a powerful inducement not to ring the alarms too loudly or to turn a blind eye to egregious behavior.
The robustness of risk management in the financial sector has a spotty record due to the wholesale collapse and public bailout of the system during the recent financial crisis. This is compounded by the implicit or explicit mandate given to risk managers to merely toe the regulatory line and do what is minimally required in terms of solvency, capital buffers and other standards. Indeed, many analysts suggest that JP Morgan’s London Whale debacle was driven by persistent regulatory arbitrage to reduce the risk-weighting of its capital buffers [3]. In short, meeting externally imposed compliance standards does not bode well for survivorship. In fact, under persistent conditions of economic duress, such as those seen during the recent crisis, which is defined as a 40% collapse of U.S. equities, even the mightiest institutions would fall. This not entirely improbable scenario would see another instance of privatizing gains while socializing losses – this time to the tune of 598 billion USD for the top 10 systemic firms in the U.S. to fill their capital shortfall [4]. In short, doing what is minimally required by the regulator under a one-dimensional risk management structure is a risky business.
While risk in financial firms makes for headline news and has broad public interest as banks are increasingly viewed as utilities, preventable losses and missed signals are not confined to Wall Street. Toyota’s ascendance as a global automotive powerhouse has hit a few speed bumps following a series of worldwide product recalls, sticking accelerators and an embarrassing mea culpa by Akio Toyoda, Toyota’s CEO. Long heralded as the paradigm for kaizen, or total quality management, Toyota’s assembly line follows a horizontal, or two-dimensional, risk management structure. The aim is to reduce the probabilistic incidence of errors in the manufacturing process to as many standard deviations as possible, for example 6 sigma. Famously, this two-dimensional structure empowers workers on the assembly line to pull the cord, in effect stopping production in the event of an error or pattern of errors.
Although many aspects of this flat structure are appealing, it labors under a potentially high “signal to noise” ratio that may lead to false positives and may only be applicable to firms or markets with a slower velocity. For example, it is doubtful that a two-dimensional risk management approach would have saved the high-velocity trading firm Knight Capital, which crashed and burned with spectacular speed due to a rogue trading algorithm. Besides, tracking defects is a slightly more gratifying task when you have a tangible product. In financial services, however, defects are occluded by correlations and their formless nature. Much like a virus, financial risk is often identified through contagion and rising temperatures, neither of which are sound preventive measures. Despite all the passive and active safety features in a modern car, externally imposed speed limits and driving conditions, there is no risk management substitute for a well-trained driver. Similarly, most risks in financial and non-financial firms emanate from the behavior of people inside the firm and in the market.
Against this backdrop, a hybrid third dimension of risk management offers a new framework for an increasingly punishing and interconnected world. In this approach, risk management is not merely a quantitative preventive feature, but rather an embedded firm-wide decision-making framework that makes staying in business everybody’s business. Leveraging the best of the first and second dimensions will filter signal from noise and encourage bounded risk-taking at all organizational levels. The power in this approach lies in combating complexity with simplicity and removing the stigma of raising the alarm. Some of the more enduring risk management precepts take a via negativa, or subtractive, path, prescribing actions that should be avoided, for example, thou shalt not kill. Imagine the power, clarity and resilience of the Volcker Rule, which in 1077 pages precludes proprietary trading, if it were simply stated as thou shalt not speculate with other people’s money – the very egregious behavior that got JP Morgan into trouble.
[4] Acharya et al., Capital Shortfall: A New Approach to Ranking and Regulating Systemic Risks, AES Meetings, January 7, 2012. NYU Volatility Lab systemic risk rankings – http://vlab.stern.nyu.edu/welcome/risk/