This article was originally published in The Global Analyst-November 2017 issue.
Those who cannot remember the past are condemned to repeat it-George Santayana..
There is not one year that passes by without any crisis. Some are big and tectonic in nature (like the Global financial crisis in 2008) while others have a limited but powerful impact like Asian Financial crisis. When macro crisis hits the economy, it is natural that companies risk management systems are tested to the core. However, a company’s risk management architecture can also be tested without a macro crisis background. This can be simply due to weak risk management systems and processes in the company. History is replete with several company specific examples of financial risk management crisis starting from Bankers Trust derivatives sales scandal in 1994 to LTCM hedge fund failure in 1998 to Libor fixing scandal in 2012. Sometimes the lines can be blurred between a general disaster and a company failure. For eg., 2011 Fukushima and nuclear accident can be viewed as market disaster, while it can also be viewed as risk management failure of Tokyo Electric Power Co.
As finance professionals and CEO’s, most of us are trained to focus on performance and results. However, extracting performance and showing results is also concomitant with assuming risk. Return and Risk are two sides of the same coin. If we do not have our eyes on risk, we will not be able to distinguish between risks that one can take on a regular basis, risks that one can take occasionally and risks that one should avoid altogether. Without the ability to discriminate in this fashion, focus purely on performance and results either can be short term or can produce side effects that can sink the whole ship.
From a business enterprise point of view, the higher the risk in a proposition the higher the return. However, while the return comes from the core business environment, risks can emanate from various sources. A company can face “financial risks” like market risks (interest rates, exchange rates, and stock prices), credit risk and liquidity risk. It does not stop here. The company also faces “non-financial” risks, which can be hard to quantify. Some examples of this would be operations, accounting, taxes, legal, regulations, and finally model risks. A company stands in the middle between these financial and non-financial risks. Therefore, the main challenge for a financial risk manager is to recognize, measure and manage these risks. Depending on the business in consideration, certain risks may be closer to heart than others may. For eg., a multinational agri business that procures raw materials from different countries and sells the final product in various countries will have currency risk at the heart of its operations. Since the operations are global, it will encounter commodity price risk, foreign exchange risk, equity market risk, and interest rate risk not to mention credit risk ( as its customers tend to purchase on credit) and operational risk where weather related risk can play havoc . Another challenge is to factor risk resulting from environment, social and governance factors what are famously termed as ESG risks.
Once we capture relevant risks, the next challenge is to quantify or measure them. Fortunately, several readymade tools are available to use in this sphere for a financial risk manager. The most commonly practiced is the Value at Risk (VaR) that estimates the minimum loss that a party would expect with a given probability over a specified period. Hence, the key issues here are to estimate appropriate time periods, confidence intervals and methodologies. There are advanced tools as well in the form of Monte Carlo Simulation that estimates VaR by generating random scenarios and can handle complex relationships among risks. For the credit risks, probability of default and recovery rate will be key measures. The agri business example given earlier will have this risk measure for its buyers who buy the product mostly on credit.
The third key challenge after identifying and measuring is to manage the risks. For e.g., once a firm wide VaR is computed and segregated business area wise, the next question to ask is how much risk can the company take? The answer to this important question will tell us if we are properly covered or exposed. Technically, this is termed as “risk budgeting” which enables us to answer questions like “where do we want to take risk” and therefore which unit can be allocated more bandwidth to assume more risks. In the absence of risk budgeting, all business segments can take equivalent risks disproportionate to their contribution to business goals. In most cases, credit risks are managed by limiting exposure to a party and by marking to market the trading positions. It is also possible to manage this risk through collateral. Some companies have also used Special Purpose Vehicles (SPV’s) that have higher credit ratings than the companies that own them.
A related aspect of “risk budgeting” is capital allocation. Risk management has become a key tool for allocating capital across various business units of a risk-taking enterprise. The capital allocation process is a blend of quantitative mathematical process using statistical programs embedded with qualitative decision-making process.
Managing risks also involves hedging risks through derivatives and other instruments. Corporates normally work closely with the treasury department of banks that provide such customized solutions to clients to hedge risks. However, there are steep costs involved in hedging and will constitute insurance premiums that should be constantly paid. The financial risk manager should eventually take the call on managing the risks through hedging or through other business tools explained above.
In conclusion, it is well know that there is no return without risk and rewards certainly go where risks are taken. However, there is a difference between taking known risks and taking unknown risks. It is important to know what we do not know (known unknowns). Risk should be discussed openly so that it can be fully understood and therefore better managed. While many firms do think about risks, few firms show discipline and consistency in terms of a rigorous approach. A good FRM process will ensure there is consistency and disciple in in identifying, measuring and managing risks. Presently two professional organizations are dedicated to imparting education and skills in the area of risk management globally. They are Global Association of Risk Professionals (GARP) and Professional Risk Managers International Association (PRMIA). Companies should encourage CFO’s to acquire these certifications so that best practices can be introduced and followed in the area of risk management.
Last but not the least, financial risk management can easily deduce to a mathematical and statistical process. However, it should be understood that people, not mathematical models, manage risks. Financial risk management, though has rigorous quantitative processes developed over time, has also a good element of common sense embedded. It is better to be approximately right than to be precisely wrong!