Global Risk Guard
Tool for the identification, assessment, monitoring and management of operational risks

 

Articles

 

The real risks of credit derivatives

Good risk management is crucial for companies in this opaque market.

by Arno Gerken and Hugh Karseras

In a financial world where yields are relatively low and risks high, it's no surprise that insurers, hedge funds, and commercial banks are keen on credit derivatives. For buyers, such instruments offer a way to manage portfolio risk; for sellers, they promise high-yield returns. And for the global financial system as a whole, they could diversify and diminish risk, at least in theory.

In practice, though, some players—among them insurance companies and commercial banks—are pushing too aggressively into the market, distorting prices and raising the possibility that one company's large, unexpected losses could upset the entire system. Many have entered the market opportunistically, tempted by the attractive yields and trusting that their portfolios can absorb the risk. Too few of the newcomers sufficiently understand the potential dangers of credit derivatives. Some companies have learned the hard way: at the French reinsurer SCOR, for example, credit derivatives contributed to net losses totaling €769 million in 2002 and 2003, prompting it to exit this market.

A credit derivative, in its basic form, is a contract purchased by a bank or other financial institution to protect itself if a borrower can't repay a loan or fulfill a lease obligation. For the buyers, these products—typically sold by insurance companies, hedge funds, commercial banks, and investment banks, which agree to pay if the borrower or bond issuer defaults—diversify risk or reduce the amount of capital that institutions must set aside to cover possible defaults by customers. For the sellers, credit derivatives represent a new investment vehicle with attractive yields. Small wonder, then, that the market's volume hit $3.6 trillion in 2003 and, by our estimates, could reach $10 trillion in 2007.

The companies that eventually end up holding the credit risk find it quite difficult to uncover the identity of the underlying businesses.

Unfortunately, however, the growing use of credit derivatives is transferring risk on an increasingly large scale in ways that are mostly opaque to investors and regulators. In the past, it was clear which party took on the credit risk—a bank holding a commercial loan, for example, or an insurance company buying corporate bonds. By contrast, credit derivatives typically cover a broad portfolio of debt from numerous corporations rather than a single company's bonds or loans. The portfolio is divided into "tranches" according to levels of risk. Companies that eventually end up holding the credit risk find it difficult to uncover the identity of the underlying businesses and to assess their financial health.

That opacity stands in contrast to the more mature market for interest-rate derivatives, where the risks are well understood and often closely linked to macroeconomic trends, for which information is widely available. Even so, as this market expanded, some companies, including Gibson Greeting Cards and Procter & Gamble in 1994, suffered high-profile losses, and the market was derailed substantially several times—for instance, in 1998 by Russia's currency and debt crisis.

In our judgment, many insurers and commercial banks are taking on too much risk in the credit derivatives market without fully understanding their exposure. In search of better returns, some companies, according to our research, have focused on what is the market's riskiest segment. The situation is particularly unsettling because insurance companies don't face the rigorous capital requirements that the Basel Capital Accord imposes on banks. Moreover, credit-rating agencies and regulators worry that some insurance companies lack the experience and know-how to guard against significant unexpected losses. The Financial Stability Forum, which includes representatives from central banks and supervisory authorities around the world, has called for a rapid increase in the amount of information regulators have about who is transferring credit risk to whom.

While this developing market creates interesting new opportunities for skilled participants, we believe that many insurance companies and banks, to protect themselves and their shareholders, will need to beef up their risk-management capabilities significantly by focusing on these essential skills.

Measuring credit risk. Investors should be able to estimate the likelihood of default by individual companies in an investment portfolio as well as the potential loss. They should understand not only the market forces that influence credit spreads and pricing but also the way correlations among individual credit risks can significantly influence a portfolio's overall risk profile. And they must be able to assess the individual risk-return profile of selected tranches of bundled credit derivatives. All of this knowledge requires skills in high-quality credit underwriting and detailed technical credit modeling.

Understanding derivatives. Companies should have a clear picture of how and to whom derivatives shift risk—including factors such as the potential impact of legal challenges to obligations set forth in derivatives contracts and the possible effect of a string of defaults at a number of companies. They must also understand the complexity that derivatives bring to correlations among various credit risks in their portfolios.

Gauging the impact on capital allocations. Companies should understand the way hedging an investment with credit derivatives changes the level of risk they face and the capital they need to cover it.

In most cases, building new risk-management capabilities requires sizable investments in people and equipment. The software and IT systems needed to track and manage credit risk comprehensively can cost a large global company as much as $50 million. For those companies wishing to participate, that's a sound investment. The use of derivatives is expanding, and we believe that the ability of companies to manage risk will largely determine the winners and losers in the financial-services industry over the next few years.

(Source: mckinseyquarterly)
go to top

Risk Management: Worrying About the Things That Need To Go Right

by Bill Sharon

What Needs To Go Right Has To Balance What Could Go Wrong

There has been an increased dissatisfaction with many efforts that have been initiated under the rubric of “risk management” over the past several years. One of the drivers of this dissatisfaction has been the cost of compliance with Sarbanes Oxley legislation (according to the FEI in a survey of 217 companies with revenues in excess of $5 billion, the average cost in the first year of implantation was $4.36 million; 39% more than was anticipated). However, the more fundamental complaint is that for all the focus on categorization of and mitigation against issues identified as “risks” there has been very little tangible positive impact on the bottom line.

The response to this criticism has been to point to the control issues that have been uncovered in the SOX process and the potential civil and criminal penalties that have been avoided through the identification and documentation of those issues along with the required remediation actions. While there is no question that the provision of accurate financial information and the compliance with the provisions of the SOX legislation as well as PCAOB standards is essential, it is reasonable to question whether this activity should be defined as the primary focus of risk management. Achieving basic processes involving adequate financial controls is a fundamental requirement of being in business.

Another dimension to the complaints about the risk management effort comes from those who are charged with implementation. They often point to a lack of sustained sponsorship from the executive suite. Senior managers are clearly concerned about adhering to the requirements of the law and established compliance standards, but they are charged with growing the enterprise and generating profits for their shareholders. Activities that do not contribute to that goal are generally viewed as a cost of business, certainly necessary, but not central to the myriad of tasks essential for growth.

On an operational level there is also a growing adversarial trend in the relationship between risk managers and the businesses and operational managers. In financial services there is a new set of requirements to manage operational risk set out in the Basel II accord. While the language of the accord is broad in terms of the need for a comprehensive approach to operational risk, the primary focus has been on the provision that requires capital allocations based on negative events that have occurred in the operational environments of similar businesses in the past. This has led to intense efforts to establish “loss databases” to catalog these events and develop actuarial tables to determine the allocations. Essentially an insurance model, business managers are being put in the position of arguing that their premiums are too high and based on events that are not germane to their particular business model. Other industries are also experiencing significant constraints on their operating environments resulting from control procedures that impact their ability to execute in a timely manner.

The Definition Of Risk

We believe that the fundamental problem in all of these areas is the definition of risk. Our view, simply put, is that risk exists. It is neither good nor bad until it is understood in the context of the business objectives of an organization. We believe that this concept has been confused by the labeling of compliance activities (SOX, Basel II etc.) as the primary or even sole focus of risk management efforts. While there is no doubt that a failure to comply with a law, regulation or international accord presents a risk, it is a very narrow view of risk to the enterprise.

Risk needs to be understood across a continuum from those events that present the potential for damage to the business strategy to those that compose the uncertainties implicit in the execution of that strategy to those that must be embraced in order to achieve the goals of the organization. Expanding the definition of risk management in this manner has the potential to engage the entire organization as it requires collaboration between business and operational managers to gather and assess the risks that are not only to be avoided but also embraced in the service of achieving the goals of the organization.

The current definition of risk as a negative is the result of the corporate abuses of the recent past and the regulatory response to those abuses. Certainly these issues needed to be addressed, but we all appear to be perseverating on worrying about all the things that can go wrong. The attention to this narrow perception of risk is driven by fear. Anyone who suggests that we may have become excessive in our focus on controls is often shouted down as the purveyor of, at best irresponsibility and, at worst malfeasance.

Insurance in its many forms is an essential component of prudent business practices and for many years was the primary focus of managing risk. The level of sophistication of actuarial models that will be developed over the next several years in the operational area will be useful in mitigating the losses in new and/or established high risk opportunities in the financial services industry and will also have application in many other industries. These insurance models will not, however, win a new client, close a deal, integrate an acquisition or contribute to the reputation and image of a company. All of those efforts will require the management of risk from a different perspective. It will require an understanding of and management of “all the things that need to go right”.

An Historical Example

We are all familiar with John F. Kennedy’s State of the Union challenge in May 1961 in which he set the goal to put a man on the moon by the end of the decade and the achievement of that goal in July 1969 by the Apollo II Lunar Lander and Neil Armstrong. What may have been forgotten is Kennedy’s sustained effort to ensure that this be the goal of the NASA program rather than one of several goals – the latter strategy being favored by James Webb, the Director of NASA at the time.

This historical example is interesting from several perspectives. First, a clear goal was established with little or no immediate prospects for its achievement. The underlying perspective at the time was that it would be unacceptable for the Soviets to beat the US to the moon. From a risk perspective, all other concerns would have to be addressed within the context of that goal.

Second, the historical record tells us that Kennedy did not just make his pronouncement and move on to other things. He was challenged by the agency that had the responsibility to achieve his goal. From the recently released recordings of the meetings between Kennedy and Webb it becomes clear that Webb was concerned that there was a lack of information about the surface and environment of the moon as well as information on the composition of space. He was arguing for a delay to gather more information.

Kennedy listened to and evaluated the objections to the singular dedication of funding to the lunar landing and then reaffirmed his strategy. He is quite candid about his lack of interest in space; he just wanted to get to the moon before the Russians. The science was a tool to achieve that goal. Here we have an engaged executive leveraging his operational environment to attain an objective that he deemed important in the larger picture. Certainly the risk from a technical perspective was immeasurable but the political risk was clearly quantifiable.

Third, the only way to achieve Kennedy’s goal was to “worry about all the things that needed to go right”. This meant accepting the lack of information about certain aspects of the mission and making the best possible judgments. In the words of Arthur Rudolph, the scientist responsible for the development of the Saturn 5 rocket that sent the first Apollo mission to the moon those judgments were considered in the following manner:

 “You want a valve that doesn’t leak and you try everything possible to develop one. But the real world provides you with a leaky valve. You have to determine how much leaking you can tolerate.”

The only way to determine the acceptable level of leaking was to understand the goal of the mission – of which the greater understanding of space and the engineering required to explore it, was only a component. The political context was the driving force. Implicitly, this meant accepting tactical and potentially catastrophic risks to avoid what had been described as the greater risk of being second to the moon. (A subject for another time is the insidious risks that occur when an organization relies on past success to rationalize current and future performance).

The Swing Of The Pendulum

The fundamental issue facing the risk management discipline is relevancy.

The problem with the vast majority of risk management programs is that they do not engage the organization in the process of identifying and assessing risks, whether they are hazards or opportunities. Instead, we have developed a cottage industry of “risk experts” who impose seemingly abstract standards on the business process. We feel constrained to emphasize again that defensive policies, whether they be insurance models or control frameworks are an important component of prudent business practices, but making them the centerpiece of a risk management function in a complex global organization is inappropriate. Growth is driven by the execution of strategy and that execution requires an understanding of the risks that must be undertaken to be successful. Too often organizations focus on the control function frankly because it is easier to achieve. Relevant risk management requires engagement with the senior operational and business managers to understand what they are trying to accomplish and then providing them with information that will contribute to their success. Risk managers need to be skilled in not only the technical aspects of risk assessment, but also in the interpersonal and organizational areas to be successful.

There is also concern about a more insidious problem with the current focus of risk management. Reactive change is almost never resilient change. Without the context of the business objectives, control procedures can be instituted that appear to reduce risk by defending against abuse, but actually create risk to the organization’s ability to compete and enhance efficiency. Over time, these procedures are often ignored, further weakening the legitimacy of the risk management process. Controls only survive when they are perceived as central to the mission.

Obviously, there are precious few organizations today that have the clarity of mission that NASA had in the 1960’s. However, given the acceleration of global competition, we would argue that the urgency of managing risk has never been greater. The struggle for relevancy in the day to day process of the organization is key to the evolution of risk management from a compliance function to a discipline that develops business intelligence to further the strategy. Perhaps out of necessity, the pendulum has swung toward the implementation of internal and external controls to address the recent abuses. It is now time for movement back toward the center where these controls can be balanced by risk information that contributes to the bottom line.

References

Against the Gods, The Remarkable Story of Risk, by Peter L. Bernstein, Published by John Wiley & Sons, Inc. 1996

John F. Kennedy Library and Museum

(Source: SORMS)
go to top

 

These Articles are written by risk professionals from around the world. Submit your own article to articles@globalriskguard.com

 

List of Articles:

The Real Risks of Credit Derivatives Arno Gerken and Hugh Karseras

Risk Management: Worrying About the Things That Need To Go Right Bill Sharon

[Home] [Virtual Library] [Articles] [GRG Services] [Topics] [Risk Jobs] [News] [Softwares] [Books] [Sponsors] [Links] [Contact Us] [Feedback] [Blog]

Copyright ©2005-2009 Global Risk Guard. All rights reserved. | Legal |