Top 400: Preventive medicine
In the post-financial-crisis world, risk management has grown in importance. Chief risk officers have assumed a more central role than ever before. Countless requirements and mandates have been written into regulations, corporate policies and day-to-day operating procedures. Risk analysis and data collection have expanded exponentially. It has been almost a police-like response: put more cops on the street, increase surveillance, and let nothing escape the gaze of the risk department.
In the six years that have passed since the financial crisis, however, it has become clear that a stronger ‘policing’ function, while enhancing risk oversight, does not necessarily beget better risk management.
At the core of this problem is the gap that exists between risk departments – in their now-strengthened, increasingly important oversight role – and the portfolio managers and traders on the front lines of the investment side. Portfolio managers naturally focus on managing portfolio-level risk. By contrast, risk departments focus on understanding risk across portfolios and reporting a firm’s potential financial vulnerability to regulators, clients, and asset holders, not to mention the firm itself.
And there’s the rub: to accomplish their respective goals, the risk measurement tools each party uses are different. Portfolio managers typically rely on factor-based risk models for measuring and managing the risk of the portfolios they construct. Risk departments use granular models, which are suited to a broad range of asset types, complex portfolios and the standardisation of reports across the firm.
Why is this difference a problem?
The reason is that the gap between portfolio managers and risk departments leads to a balkanisation of thinking about risk. A portfolio manager might say to a member of a risk department, ‘you don’t look at risk in the same way that I do, so I’m just going to do it in my own way’. And vice versa. The upshot is that risk departments and portfolio managers end up speaking different languages when it comes to risk, making it almost impossible to take an integrated approach to risk management.
It is common to hear of teams in financial services organisations disagreeing about the veracity of the risk numbers provided in a particular report. Simple questions, such as whether to represent the value-at-risk as a percentage or in dollars, might seem trivial. But they are not.
Even more important than how the risk is represented is the granularity at which the risk is viewed. For example, can the risk be decomposed into meaningful attribution? Are systematic factors taken into account? The ability to decompose into systematic factors not only points to where the risks are coming from but offers the potential to hedge some of that risk. Decomposition of risk is essential to helping a firm better understand the risks that are being taken.
In certain market conditions, asset returns – and even class returns – are highly correlated, which means that a traditional allocation policy may not allow for true diversification. So, it is necessary to talk about factor allocation and not just asset allocation. There is a requirement to think about what we want to be exposed to, with respect to factors, so that there can be better management of correlation between those factors. This type of discussion needs to take place between investment teams and risk officers, using a common set of data to inform the decision-making.
The issues don’t end there. Does the risk system truly capture the risks of the portfolio? Can it capture the non-linearity of some of the instruments in the portfolio? Is it able to cope with emerging market debt denominated in local currency? Can it offer a consistent view across a portfolio and, at the same time, provide meaningful and granular data for each of the asset classes? In addition, what about the proliferation of multi-asset-class investing? Asset owners and their managers are concerned about risk in all asset classes, as well as the interactions of those risks.
What were once simple and transparent portfolios may now have derivatives included – and many of those derivatives have optionality embedded in them. Consequently, managing the risk of even a traditional equity portfolio has become more complex. Traditional tools cannot provide a complete, comprehensive answer.
For risk management to be truly effective, the oversight and execution teams must share a common vision of the risks that are adopted. And of course that common vision can only be achieved if the risk profile is expressed in a common language of risk – a language that bridges the gaps across mandates, focusing on asset allocation, investment strategy, portfolio management, traders and risk management overall.
The challenge is how to develop such a vision and language.
Part of the answer to these questions lies in changing our focus when it comes to risk. Mandated periodic reporting by regulators, management and clients is now producing vast amounts of risk-related data on a daily basis. But are these huge quantities of data helping or hindering the ability of organisations to truly understand the significance of the risks they face?
In fact, while current methods used by risk departments can be effective at detecting problems, there maybe little that they can do about changing the way risk is actually managed. Risk management, from the perspective of the risk department, is mainly a diagnostic tool. What it needs to become is more akin to preventive medicine. The focus in risk departments needs to shift from ‘what happened’ to ‘what if’, by simulating the outcomes of likely (and unlikely) scenarios and specific potential trades. Those scenarios need addressing continuously.
The importance of asking these ‘what if’ questions could not have been more loudly articulated when the Federal Reserve objected to the capital plan of Citigroup because of inadequacies in the stress-testing environment.
Stress testing has become an integral part of the regulatory landscape. Granted, stress tests must be handled with the understanding that future events may not play out precisely in parallel with historic events. But the information they provide can give insights into the impact of different market scenarios on portfolios.
Risk management is on the cusp of significant evolutionary change. Here are a few of the things we can expect to see: first, risk platforms that support the development of a common vision by delivering not only a common language and representation of risk, but also a level of granularity of the representation of that risk.
Second, risk analysis driven by ‘what if’ questions that are validated by frequently conducted stress tests across a range of scenarios. Third, collaborative processes and state-of-the-art tools that unite the front and middle offices in managing risk firm-wide, across the entire spectrum of assets and investments.
Risk management is to be transformed from a monitoring function to a decision-making process. In doing so, we will substantially strengthen the ‘management’ function and performance of risk management.
Ian Webster is managing director, Europe, at Axioma