Risk Anatomy™
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.
Without risk, there is no return” — Truism
Policy is organisational scar tissue” — Jason Fried

The nature of risk

The real risks are the black swans: risks that we don’t recognise as risks until they happen. All significant market dislocations have come from blind spots, incomplete information, unanticipatable interactions between subsystems that seem unconnected but turn out to be tightly coupled in ways to which your meticulously-compiled risk taxonomy — hewn from torrents of hindsight — was blind.

But Known knowns – which risk taxonomies catalogue, and about which risk departments obsess, are not material risks at all, precisely because they are known knowns, are properly identified, managed and controlled.

The thing is black swans, after they happen, are no longer black swans.

Our constitutional insistence[1] in reviewing the tape for PAST PERFORMANCE means we obsess about risks in stables from which horses have already bolted. Eg (okay this is my hobby horse) close out netting. Real risks unknown unknowns won’t cleave to the organisational structure, much less the firm’s own risk taxonomy or division of responsibility for risk management. These things of necessarily, which is based on stables from which horses have already bolted. Therefore unknown unknowns will tend present across non-contiguous areas of risk management – the same risk might be partly legal, partly credit, partly market risk. Each in isolation may be containable, but combined effect less so.

Are they real risks?

Your risk controller is an individual with powerful personal incentives to see risks that might be paper tigers. As long as they're complex, her subject matter expertise will carry her through. But let’s not be cynical. Let us go with it and allow that these are real risks

  • Tail risks or daily risks? Depending on which, the reaction decision differs.
  • Daily risks: You can reliably predict them, quantify them, average their cost and price them based on observed expected probability. This is what insurance underwriters do. But they do this across a wide portfolio of individuals who can’t reliably predict the risk. The predictability is an emergent property of the aggregation of the risks — it's a function of scale. With sufficient scale, you can make a binary decision:
    • accept the risk — in other words, self-insurance — in this case, reprice your service to factor this quantifiable cost of doing business. Charge your customers the insurance premium. For them it may be a tail risk they will pay for; they may only trade once a year. For you, it’s a normal cost of business.
    • reject it — if you can’t price your risk into your offering (and pass it to your clients) don’t take the risk in the first place — even if that means not doing the business at all. No risk, so no insurance. Either way, don’t buy insurance. No need for a risk manager
  • Tail risks: Tail risks are, in principle, insurable. But still you’ve got some questions. How big is the risk? How bad would any risk event be? If it is containable in size given your volume of business (a toaster you use every day blows up once in five years) then take the risk. Again, it's just a cost of business. This is no different in impact to a quantified daily risk. If it is a potentially catastrophic then you still have some questions. Is the business worth it? Have you priced it correctly? How effective is your insurance? Will the risk controller get it right? Will she protect against the risk? Are you sure?

Asymmetry of outcomes

  • Before it happens: before it happens, a risk has a positive value, albeit (if it is an unknown unknown, one that is difficult or impossible to quantify.
  • It is is avoided: A risk that passes untriggered, has no value. It is like an option you wrote that expired out of the money.
  • If it happens: If the risk comes about but the firm has successfully protected itself against it, again it has no value. The firm’s resulting profit and loss is flat. If the the firm has not defended against it, then notionally, someone is responsible. But see diffusion tactics – here the primacy of the individual’s survival instinct over the firm kicks in.

Contractual risk and commercial decision-making

Contract negotiation lawyers tend to be more consequence-agnostic than they need to be — both in creating and commenting on drafts. There is a decision-making aspect to this. Some risks are existential, some are mere irritations. Treat them differently when you formulate your positions. Consider three types of contractual provision:

  • Credit related: Contract clauses which address what happens if your counterparty does — or looks like it imminently will — blow up. These are of mortal significance in a finance contract, where the essence of the arrangement is for the parties to take material present financial exposure to each other: if there is no counterparty, you lose all your money. In service contracts, where a party commits to provide ongoing services for ongoing payments, the “present value” of your exposure is limited, and a counterparty’s failure is less catastrophic: if your building maintenance contractor blows up, you just engage another one. In any case, whatever your exposure, if your counterparty has no assets, it doesn’t matter what the contract says.[2] Can these consequences be ameliorated by the commercial imperative? Generally, no. They are, generally:
  • Regulatory: Will this contract put one or other party in breach of law or regulation? Whose fault is it if it does? Who bears liability? What are the consequences? Can these consequences be ameliorated by the commercial imperative? Generally, no.
  • Commercial liability: Liability outside the outright failure of your counterparty.

See also

References

  1. Stare decisis, anyone?
  2. If you have security or netting rights, QED your counterparty still has some assets left: for example, its claims against you.