Risk: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{a|risk|}}
{{a|risk|}}:“''[[Without risk, there is no return]]''” — Truism
==={{risk|Ecosystem}} versus {{risk|Market}}===
:“''[[Policy]] is organisational scar tissue''” — {{author|Jason Fried}}
*{{risk|Benign}} and {{risk|brutish}}
===The nature of {{risk|risk}}===
*{{risk|Market}}
The real risks are the [[black swan]]s: risks that we don’t recognise as risks ''until they happen''. All significant market dislocations have come from blind spots, incomplete information, unanticipatable interactions between subsystems that ''seem'' unconnected but turn out to be [[tightly coupled]] in ways to which your meticulously-compiled [[risk taxonomy]] — hewn from torrents of hindsight — was blind.  
**The {{risk|firm}}
**{{risk|Government}}
==={{risk|Prisoner’s dilemma}}===
==={{risk|Cooperation}}===
*{{risk|Transaction}}
*{{risk|Risk controller}}
 
======
 
*[[Complexity]]  
*[[Fear]]
*[[Reward]]
*[[Value]] - you add value by changing things. If you can't change substance, change the form.
:Value crutches: [[For the avoidance of doubt]]. [[Without limitation]].
*[[Risk]]
*[[Preservation]]
 
Fear: when your web-filter blocks online translation tools


[[Ship of Theseus]] aka [[Stevie Ray Vaughan]]’s guitar.
But [[Known known]]s – which [[risk taxonomy|risk taxonomies]] catalogue, and about which risk departments obsess, are not material risks at all, precisely ''because'' they are [[known known]]s, are properly identified, managed and controlled.  
[[Eddie the Eagle]]: If you want to make it to the Olympics, don't go for sprinting. Find the most obscure official sport : the least glamorous, the lowest participation rates, the most widely misunderstood, and make it your life's mission. If you want to climb to the top of a greasy pole, find a pole noone else much fancies climbing.  


This is the story of modern professional services occupations - the invention of dreary '' but important '' controller roles. Thus the proliferation of senior regulatory change management professionals
The thing is [[black swans]], after they happen, are no longer [[black swan]]s.


The big ideas<br>
Our constitutional insistence<ref>''[[Stare decisis]]'', anyone?</ref> in reviewing the tape for PAST PERFORMANCE means we obsess about risks in stables from which horses have already bolted. Eg (okay this is my hobby horse) [[close out netting]]. ''Real'' risks [[unknown unknown]]s won’t cleave to the organisational structure, much less the firm’s own [[risk taxonomy]] or division of responsibility for risk management. These things of necessarily, which is based on stables from which horses have already bolted. Therefore [[unknown unknown]]s will tend present across non-contiguous areas of risk management – the same risk might be partly legal, partly credit, partly market risk. Each in isolation may be containable, but combined effect less so.
A just so Story: netting. History. <br>
The first swap – IBM v world bank<br>
Offsetting positions created wild exposure gaps. Framers of the ISDA came up with some clever techniques to offset these exposures <br>
Banks have to hold liquid reserves against liabilities. To prevent Bank runs <br>
Basel accord of 1989. <br>
When were CSAs invented? <br>
:::(is this the great falsification of the capitalist dogma? If corporations are the purest expression of the magic that is weaved when the market’s chains are broken, then how do we account for the high paid, low grade tedium that occupies the great majority of professional middle class? <br>
:::(is it, as David Graeber says, some kind of dastardly stitch-up of the productive workers, born not out of conspiracy but buried resentment of these heroic labourers by the useless bourgeoisie? <br>
:::(if not that, then what? How can this capitalist machine, with its algorithms and AI, its management consultants, its self-help gurus, its thought leaders and passionate change managers, and with so many trillions of dollars at stake – how can it be so inefficient? <br>
And what can we do to fix it? <br>
There is no perfect marketplace. <br>


====Are they real risks?====
Your risk controller is an individual with powerful personal incentives to see risks that might be paper tigers. As long as they're complex, her [[subject matter expert]]ise will carry her through. But let’s not be cynical. Let us go with it and allow that these are real risks <br>
*'''[[Tail risk]]s or daily risks'''? Depending on which, the reaction decision differs.
*'''Daily risks''': You can reliably predict them, quantify them, average their cost and price them based on observed expected probability. This is what [[insurance]] underwriters do. But they do this across a wide portfolio of individuals who can’t reliably predict the risk. The predictability is an emergent property of the aggregation of the risks — it's a function of {{risk|scale}}. With sufficient scale, you can make a binary decision:
**'''accept''' the risk — in other words, {{risk|self-insurance}} — in this case, reprice your service to factor this quantifiable cost of doing business. Charge your customers the insurance premium. For them it may be a tail risk they will pay for; they may only trade once a year. For you, it’s a normal cost of business.
**'''reject''' it — if you can’t price your risk into your offering (and pass it to your clients) don’t take the risk in the first place — even if that means not doing the business at all. No risk, so no insurance. ''Either way, don’t buy insurance''. No need for a risk manager <br>
*'''Tail risks''': Tail risks are, in principle, insurable. But still you’ve got some questions. How big is the risk?  How bad would any risk event be? If it is containable in size given your volume of business (a toaster you use every day blows up once in five years) then take the risk. Again, it's just a cost of business. This is no different in impact to a quantified daily risk. If it is a potentially catastrophic then you ''still'' have some questions. Is the business worth it? Have you priced it correctly? How effective is your insurance? Will the {{risk|risk controller}} get it right? Will she protect against the risk? Are you sure?


:::(v) So in an environment we have many dynamics – brutish competitions, opportunities for wealthy collaboration, each interaction shapes the {{risk|market}}. <br>
===Asymmetry of outcomes===
 
*'''Before it happens''': before it happens, a risk has a positive value, albeit (if it is an [[unknown unknown]], one that is difficult or impossible to quantify.  
:
*'''It is is avoided''': A {{risk|risk}} that passes untriggered, has no value. It is like an [[option]] you wrote that expired [[out of the money]].  
:
*'''If it happens''': If the risk comes about but the {{risk|firm}} has successfully protected itself against it, again it has no value. The firm’s resulting profit and loss is flat. If the the firm has ''not'' defended against it, then notionally, someone is responsible. But see diffusion tactics – here the primacy of the {{risk|individual}}’s survival instinct over the {{risk|firm}} kicks in.
 
 
 
(e) The Individual <br>
:::(i) Motivations:<br>
::::(1) FEAR. This is the chief motivating factor for any individual. <br>
:::::(a) Types of fear:<br>
::::::(i) Fear of screwing up. <br>
::::::(ii) Fear of the known unknown <br>
::::::(iii) Fear of remote but foreseeable contingencies – the chicken licken scenario<br>
:::::(b) Some legitimate risks do not create fear:<br>
::::::(i) unknown unknowns – black swans – do not create fear. It is hard to blame someone for not anticipating something that, qed, could not be anticipated.<br>
::::::(ii) Emergent risks – risks that only arise at a level of abstraction beyond that for which the employee is directly responsible or accountable. <br>
:::::(c) Behaviour which reduces fear<br>
::::::(i) Repeated tasks<br>
::::::(ii) Familiar tasks<br>
::::::(iii) Pre-established modes of operation<br>
::::::(iv) Behaviour which is characteristic of most people in the organisation (homogeneity) <br>
::::::(v) Decisions for which somebody further up for line or across the organisation has accepted responsibility<br>
::::::(vi) Encouraging others to underwrite risk or collectivise /diffuse risk<br>
:::::(d) Behaviour which accentuates fear<br>
::::::(i) New situations <br>
::::::(ii) Unhedged risks<br>
::::(2) REWARD. Compensation for what you do. <br>
:::::(a) Generally an employee does not have an equity stake in the business (OK, OK bonuses – we’ll get on to that) <br>
:::::(b) Employee reward is pre-defined: there may be incentive structures but employees for the most part get fixed compensation. They are creditors of the firm for that compensation. Unless the firm is bankrupt, they are paid regardless of performance. The sanction for poor performance is termination. It is very hard to reduce fixed compensation. <br>
:::::(c) The larger the firm the more specialised the staff, the fewer are specifically revenue generating roles. Most of a multinational Bank is infrastructure: operations, risk management, IT and increasingly middle management : infrastructure to manage the infrastructure. <br>
:::::(d) Therefore only a small portion of the staff have any grounds for incentive based compensation. Some could be incentivised by cost management, but for many – risk,  legal, compliance – performance related pay is largely antithetical. <br>
::::::(i) This will not stop enthusiastic general counsel arguing, in times of feast, that his legal team are skilled enablers of revenue generation, and should be compensated for the profits they help to bring in. <br>
::::::(ii) The stock reply: turning a control function into a profit and loss centre has bee  tried before. It didn’t work out so well. <br>
:::::(e) The bonus culture. No doubt to redress the fear / reward balance, investment banks shifted towards a bonus culture throughout the eighties. <br>
::::::(i) Many of these firms started out life as partnerships, where those bringing in the profits were personally liable for losses, and the compensation they shared was specifically the equity. These firms took advantage of regulatory change to incorporate. The partners changed their formal status (if not their titles) from partner to employee, but the compensation structure remained. While these firms encouraged equity participation (to the point of paying compensation in shares) employees main source of income was celery and not share performance. Indeed the manual dilution of equity capital in the bonus round had the typical effect of depressing share performance. In this way and in many others comma employees in these Incorporated partnerships were and continue to be systematically preferred over equity holders. The same pay structure has been adopted by competing banks which have always had a corporate structure full stop the lesson of the last 30 years has been only a mug is long banking stock .<br>
 
===The nature of {{risk|risk}}===
:(a) The real risks are the ones that people don’t recognise as risks AT ALL. All significant market dislocations have come from blind spots.<br>
:(b) Known knowns – about which firms naturally obsess, in fact are not generally risks at all, precisely because they are known knowns and are properly identified, managed and controlled.<br>
:::(i) Black swans AFTER THEY HAVE OCCURRED are no longer black swans. (“Policy is organisational scar tissue”). Our constitutional insistence in reviewing the tape for PAST PERFORMANCE means we obsess about risks in stables from which horses have already bolted.<br>
:::(ii) Eg close out netting.<br>
:(c) Real risks – especially unknown unknowns<br>
:::(i) Don’t cleave to the organisational structure much less the firm’s own division of responsibility for risk management, which is based on stables from which horses have already bolted<br>
:::(ii) Therefore susceptible to present in different areas of risk management – the same risk might be partly legal, partly credit, partly market risk. Each in isolation may be containable, but combined effect less so<br>
 
===Form over substance===
:(a) Burgeoning complexity means a preference for substance over form<br>
:::(i) As previously rehearsed, the more complex the organisation the less likely people are to understand the substance, let alone be responsible for it. <br>
:::(ii) The form is, by definition, easily articulated. It is measurable, observable, auditable. <br>
::::(1) “Did you review that template by year end?” has a yes/no answer which is easily given in the affirmative. All you need is a diary and a decent sense of time management. <br>
::::(2) “Did you review the template properly?” is a harder question to answer. <br>
:::::(a) Did you check it against policy, legal developments and corresponding templates” is a harder question, but it has a yes/no answer. It functions like a checklist. <br>
:::::(b) Did you get the right answers? Is hard to validate. <br>
===Checklists===
A word on checklists – eyebrow raising book of Atul Gawande. Illustrates the benefit, as well as the limitations, of form as an aide to substance. <br>
:(a) A checklist is an aide memoire to assist a person carrying out a standard task to cover easily overlooked basics, rather than a certificate or means of apportioning responsibility. <br>
:(b) Checklist solves for the ancient dilemma that humans are good at imaginatively solving new problems, but bad at systematically carrying out repetitive tasks. <br>
:(c) In the modern age (at least post information revolution, but really post industrial revolution and even agricultural revolution, progress has been characterised by automating routine tasks and redeploying humans to solve new problems<br>
:::(i) Machines do the repetitions <br>
:::(ii) Humans to the automating. This is a difficult and creative job – it involves analysing manual processes and re-engineering to be machine appropriate. <br>
::::(1) Removing complexity <br>
::::(2) Making design decisions that trade of flexibility for robustness <br>
::::(3) Needless to say process reengineering takes skill, subject matter expertise and time. It is expensive. <br>
::::(4) Natural tension that many subject matter experts will neither have any process reengineering expertise nor is it in their interests to develop it, as it will typically put them out of a job. <br>
::::(5) Difficult decisions to make fundamental changes to process will lead to radically different ways of working which will mean short term disruption as the firm and its individuals adjust to the new paradigm. As with any organism developing a new skill, a firm will have to develop neural networks and muscle memory before the process is bedded in. <br>
::::(6) The model will always be challenged by exceptions: special cases, difficult clients, and secular changes (regulatory change, tech developments) <br>
:::::(a) Key is to have a centralised and coordinated approach to those exceptions. This is a combination of:<br>
::::::(i) Being firm and trusting the model: calling the bluff of single clients who insist on doing things differently. (it is amazing how many platinum clients drop their request when they are told, regretfully, that the negotiation cannot continue) <br>
:::::: (ii) Recognising what is unreasonable client behaviour and what is an incorrectly configured model. If one client insists it must have peanut butter in its burgers, pass up its business. If they all do, change your burger recipe. <br>
:::::(b) The interests of the organisation and the dictates of robust system design are perfectly aligned : <br>
:::::: (i) it should be as simple as humanly – and mechanically – possible, but no simpler). <br>
:::::: (ii) That said, there is no existing business process, no legal document, no internal organisation, that could not be simplified. <br>
:::::(c) Great energy should be expended on keeping it simple. <br>
::::(7) Same is true of business – the design heuristic is exactly that (Roger Martin) <br>
:::::(a) Complexity is such that the cost or required expertise to simplify the process to be automatable is not done. <br>
::::::(i) Instead the existing process is lifted wholesale and outsourced. This meets one criteria, superficially at least (cost reduction) but fails on the others. <br>
:::::::1. The process is still too complex to be automated, and is instead carried out by people with even less comprehension of the details, even less incentive to get things right (no bonuses in Bangalore) and none at all (nor any mandate) to take a view. <br>
:::::::2. Result is more escalation, to a smaller group of remaining subject matter experts (most of whom have been outsourced) who are less expert, and slower to respond. <br>
::::(8) Middle management ought to be the process of overseeing that automation. <br>
:::::(a) For reasons given above, process reengineering will be carried out by people who<br>
:::::: (i) lack subject matter expertise (they will be management consultants, not lawyers) <br>
:::::: (ii) Are focusing purely on short term cost savings. Long-term benefits will accrue after they have gone <br>
===Escalation as a subject in itself===
:(a) Diffusion<br>
:(b) Speed <br>
:(c) Resources <br>
:(d) Organisational Complexity <br>
===Process over substance ===
:(a) Proof of governance was that the meeting took place and was minuted, not what was said – though records are dangerous things in hindsight, after an accident has happened, so expect great attention to be taken on the content of the minutes – the trick being to neuter their content as much as possible so that nothing sensitive or incriminating is in them – the idea being to evidence the form of governance without revealing any more than is absolutely necessary about the content of the governance. <br>
:(b) Unjustified dismissal <br>
:::(i) Substantive unfairness <br>
:::(ii) Procedural unfairness <br>
===The perils of the corporate person===
:(a) Unlike a real person, the interior monologue is not private. <br>
:(b) Unlike a real person, a multinational firm has an utterly verbose interior monologue, everyone is shouting at the same time adding each other to conversations they don’t care to be a part of. Joel Bakan says a corporation is like a psychopath. It might be run by them – that’s plausible – but in its own personality it is more like a paranoid schizophrenic with multiple personality disorder. <br>
:(c) This has proved in this information age to be a far greater bane than anyone realised. Everything is discoverable and like all masses of communication that can be pulled of context it inevitably looks worse in hindsight than it did when it was written down. <br>
:(d) The audit trail fulfils following functions – <br>
:::(i) evidence of compliance with process without reference to substance <br>
:::(ii) To evidence and memorialise decisionmaking. <br>
:::(iii) to evidence qualifications, derogations, assumptions and conditions upon those decisions. Ie to diffuse responsibility for the decision. <br>
:::(iv) The key for SMEs is to articulate conditions of a qualitative (ie requiring comprehension of the subject matter) and not quantitative nature. Ie “assuming sufficiently robust operational setup to satisfy the legal and regulatory requirements”. This allows the operations SME, to whom the consultant will inevitably turn, to create her own qualitative conditions. If she is experienced, her conditions will be in the gift of a third SME, who will create her own qualitative conditions in the gift of a fourth. Eventually the trail will lead in a bureaucratic [[Möbius loop]] back to legal, and the circle of diffusion will be complete. <br>
:(e) For employees who are part of the infrastructure rather than revenue generation – and that is most of them – there is a sharp asymmetry. <br>
:::(i) You are not rewarded for ambition or risk taking – that is not your job. <br>
:::(ii) You are not rewarded for actually avoiding risks – a bad outcome that did not eventuate is not just dog that did not bark in the night-time, it is part of the infinite set of possible but non-existent events. (option pricing) <br>
::::(1) before it materialises, a risk has a positive value, albeit one that is usually impossible to quantify. <br>
::::(2) After the risk has passed untriggered, it has no value. It is like an option that expired out of the money. <br>
::::(3) If the risk comes about but the firm has defended against it, again it has no value. The firm’s resulting profit and loss is flat <br>
::::(4) If the risk comes about and the firm has not defended against it, then notionally, someone is responsible. But see diffusion tactics – here the primacy of the individual’s survival instinct over the organisation kicks in. <br>
===Motivations===
:(a) Individuals who wants to get things done that involve taking new risks or Crossing into unknown territory must develop tools and techniques for disarming natural employee risk avoidance strategies.  for example, <br>
:::(i) Selective escalation piecemeal to different risk controllers. <br>
:::(ii) Appeals to authority (EG the CEO wants this to happen) <br>
:::(iii) Appeals to precedent in the market (EG all our other brokers have given this) <br>
:(b) A secondary motivation is taking credit for things that go well. <br>
:(c) A profound asymmetry, therefore:<br>
:::(i) Bad outcomes <br>
::::(1) Which are genuinely inadvertent - no one’s fault and no one takes responsibility for them<br>
::::(2) Which result from bad decisions, if socialised correctly, are also left un-penalised<br>
:::(ii) Good outcomes<br>
::::(1) Which are genuinely inadvertent will not go unclaimed<br>
::::(2) Which result from good decisions will be claimed by everyone<br>
:(d) Vicious circles<br>
:::(i) Fear leads to confusion leads to complexity leads to confusion leads to fear. <br>
:::(ii) Complexity leads to specialisation. Specialisation leads to siloification. Siloification encourages diffusion of responsibility. Specialisation leads to diffusion of specialist knowledge. Central office techniques for measuring performance cannot cope with the diffused complexity and the specialised knowledge and language in the silos. Also those measuring are themselves specialists with their own arcane knowledge and language which is as impenetrable to the subject matter experts whose data they seek to run their measurements. So measurement is by proxy, by reference to measurable data points. These tend to be numeric, calculatable values. <br>
:::(iii) Subject matter experts (eg lawyers) will complain that, for example, the value in a well crafted indemnity – its enforceability, its scope, its flexibility for unexpected contingency – cannot be sensibly expressed in numerical terms. The evaluator accepts this, and therefore assigns those ineffable features a value of zero. The values they can measure: is there an indemnity (yes/no) and how long did the lawyer take to agree it (what was its direct cost). <br>
:::(iv) Yet these ineffable are precisely what you pay your lawyers to provide. <br>
===Themes===
:(a) No one got fired for hiring IBM. <br>
:(b) Corollary: no business was revolutionised by hiring IBM either. <br>
:(c) The profound secular changes that shape businesses do not spring fully – formed from the brow of Mckinsey & Co. They exist out there, in the market. The personal computer. The invention of the swap in 1982. In invention of the Internet. <br>
:(d) See also the doctrine of precedent. But past performances is no indication of future performance. <br>
:(e) Natural caution, tendency to run with herd and go with flow <br>
:(f) Payment of lip-service to politically astute norms. Diversity a case in point. <br>
:(g) Most insurance is a mug’s game <br>


:(i) Risk and trade off <br>
{{sa}}
:(j) Dumb risk management: we will make this concession for a platinum client  but not for a small Client.<br>
*[[Contractual risk]]
:::(i) Per dollar of revenue, small clients should represent less risk than big ones – they don’t gain from volume discounts or economies of scale. You should already be making more per trade out of small clients than big ones (or you’ve got your model wrong). <br>
*[[Rumsfeld’s taxonomy]] of [[unknowns]]
:::(ii) Unlike operating costs, trading risks do not benefit from economies of scale. In fact they are exaggerated by scale. <br>
{{ref}}
::::(1) Failure of a small firm is absorbable in the ordinary course (assuming you have a lot of small clients you can and should price it in to your service - it self-insures) <br>
::::(2) Failure of a large firm may not be, and may trigger correlation losses. <br>
:::(iii) Conceding credit terms based on volume of business, rather than assessed credit standing, gets things exactly backward: the more risk you take, the more lax my controls will be. <br>
<br>

Latest revision as of 12:35, 7 August 2021

Risk Anatomy™
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.
Without risk, there is no return” — Truism
Policy is organisational scar tissue” — Jason Fried

The nature of risk

The real risks are the black swans: risks that we don’t recognise as risks until they happen. All significant market dislocations have come from blind spots, incomplete information, unanticipatable interactions between subsystems that seem unconnected but turn out to be tightly coupled in ways to which your meticulously-compiled risk taxonomy — hewn from torrents of hindsight — was blind.

But Known knowns – which risk taxonomies catalogue, and about which risk departments obsess, are not material risks at all, precisely because they are known knowns, are properly identified, managed and controlled.

The thing is black swans, after they happen, are no longer black swans.

Our constitutional insistence[1] in reviewing the tape for PAST PERFORMANCE means we obsess about risks in stables from which horses have already bolted. Eg (okay this is my hobby horse) close out netting. Real risks unknown unknowns won’t cleave to the organisational structure, much less the firm’s own risk taxonomy or division of responsibility for risk management. These things of necessarily, which is based on stables from which horses have already bolted. Therefore unknown unknowns will tend present across non-contiguous areas of risk management – the same risk might be partly legal, partly credit, partly market risk. Each in isolation may be containable, but combined effect less so.

Are they real risks?

Your risk controller is an individual with powerful personal incentives to see risks that might be paper tigers. As long as they're complex, her subject matter expertise will carry her through. But let’s not be cynical. Let us go with it and allow that these are real risks

  • Tail risks or daily risks? Depending on which, the reaction decision differs.
  • Daily risks: You can reliably predict them, quantify them, average their cost and price them based on observed expected probability. This is what insurance underwriters do. But they do this across a wide portfolio of individuals who can’t reliably predict the risk. The predictability is an emergent property of the aggregation of the risks — it's a function of scale. With sufficient scale, you can make a binary decision:
    • accept the risk — in other words, self-insurance — in this case, reprice your service to factor this quantifiable cost of doing business. Charge your customers the insurance premium. For them it may be a tail risk they will pay for; they may only trade once a year. For you, it’s a normal cost of business.
    • reject it — if you can’t price your risk into your offering (and pass it to your clients) don’t take the risk in the first place — even if that means not doing the business at all. No risk, so no insurance. Either way, don’t buy insurance. No need for a risk manager
  • Tail risks: Tail risks are, in principle, insurable. But still you’ve got some questions. How big is the risk? How bad would any risk event be? If it is containable in size given your volume of business (a toaster you use every day blows up once in five years) then take the risk. Again, it's just a cost of business. This is no different in impact to a quantified daily risk. If it is a potentially catastrophic then you still have some questions. Is the business worth it? Have you priced it correctly? How effective is your insurance? Will the risk controller get it right? Will she protect against the risk? Are you sure?

Asymmetry of outcomes

  • Before it happens: before it happens, a risk has a positive value, albeit (if it is an unknown unknown, one that is difficult or impossible to quantify.
  • It is is avoided: A risk that passes untriggered, has no value. It is like an option you wrote that expired out of the money.
  • If it happens: If the risk comes about but the firm has successfully protected itself against it, again it has no value. The firm’s resulting profit and loss is flat. If the the firm has not defended against it, then notionally, someone is responsible. But see diffusion tactics – here the primacy of the individual’s survival instinct over the firm kicks in.

See also

References

  1. Stare decisis, anyone?