Risk Management (RM)

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events [1] or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures (at any phase in design, development, production), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attack from an adversary, or events of uncertain or unpredictable root-cause Companies must take risks to survive and prosper. Once risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence. Risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order.

Risk Management techniques:

Risk avoidance This includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the legal liability that comes with it. Another would be not flying in order not to take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits.

Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy. Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between negative risk and the benefit of the operation or activity; and between risk reduction and effort applied. Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a single iteration. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks.[10] For example, a company may outsource only its software development, the manufacturing of hard goods, or customer support needs to another company, while handling the business management itself. This way, the company can concentrate more on business development without having to worry as much about the manufacturing process, managing the development team, or finding a physical location for a call center. Risk sharing Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk." The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal responsibility for the losses "transferred", meaning that insurance may be described more accurately

as a post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the person who has been in the accident. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. Risk retention Involves accepting the loss, or benefit of gain, from a risk when it occurs. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential loss (risk) over the amount insured are retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much. The RM functions primary responsibility is to understand the portfolio of risk that the company is currently taking and the risks it plans to take in the future. The ideas and approaches of RM are equally applicable to other types of corporations. RM is now recognized as a key activity of all corporations. Many of the bankruptcies and disastrous losses would have been avoided if good risk management practices had been in place.

Approaches to managing risks: There are two broad risk management strategies open to the bank or any other organization. One approach is to identify risks one by one and handle each one separately (risk decomposition). The other is to reduce risks by being well diversified (risk aggregation).

Risk vs. Return for investors:

The greater the risks taken, the higher the return that can be realized. The risk of return on stock, bond can be minimized by diversification. Standard deviation of return over one year is the yardstick to quantify the risk. Diversifiable risk/unique risk is caused by such random events as lawsuits, strikes, successful and unsuccessful marketing programs, winning or losing a major contract and other events that are unique to a particular firm. Because these events are random, their effects on a portfolio can be eliminated by diversification. Market risk stems from factors that systematically affect most firm; war, inflation, recessions, high interest rates. Such risks cannot be eliminated by diversifications. Expected value of a variable is its mean value. Most investors are risk-averse and want to increase expected return while reducing the standard deviation of return. They do not like surprises and prefer to invest in companies that show solid growth and meet earnings forecasts.

Risk vs return for companies:

There are risks in too much borrowing or going for an expansion program or acquisition of another firm. The bankruptcy cost is the risk taking argument. Bankruptcy costs are the bank declining the funds request, suppliers not willing to supply on credit, distress sales of assets, destroying of intangibles (companys brand name and its reputation in the market), selling of assets quickly at low prices, large fees paid to accountants and lawyers, quitting of key executives etc. When a major new investment is being contemplated, it is important to consider how well it fits in with other risks taken by the company. Relatively small investments reduce the overall risks taken by a company. Large investments can dramatically increase these risks.

Bank Capital:
Banks face the same types of bankruptcy costs as other companies and have an incentive to manage their risks prudently so that the problem of bankruptcy is minimal. Bank regulators have been active in ensuring that the capital a bank keeps is sufficient to cover the risks it takes. They consider the market risks from trading activities as well as credit risks from lending activities. Illustration: Table 1 Balance sheet: ($ in billions) Assets Cash Marketable securities Loans Fixed assets Total 5 10 80 5 100 Liabilities and net worth Deposits Subordinated long-term debt Equity capital Total 90 5 5 100

Summary income statement: ($ in billions) Net interest income Loan losses Non-interest income 3 -0.80 0.90 Remarks
Fluctuates over the year. In some year default rates in economy are high and vice versa Consists of income from all the activities of a bank other than lending money. This includes trading activities, fees for arranging debt or equity financing for corporation and fees for the many other services the bank provides. This consist of all expenses other than interest paid. It includes salaries, technology-related costs and other overheads. Banks must try and avoid large losses from litigation, business disruption, employee fraud etc.

Non-interest expense

-2.50

Pre-tax operating profit

0.60

Alternative balance sheet with equity only 1% of assets: Balance sheet: ($ in billions) Assets Cash Marketable securities Loans Fixed assets Total Net interest income Loan losses Non-interest income Non-interest expense Pre-tax operating profit 5 10 80 5 100 Liabilities and net worth Deposits Subordinated long-term debt Equity capital Total 3 -4.0 0.90 -2.50 -2.60 94 5 1 100

If tax rate is 35%, the net loss after tax is 1.82 billion; eating away the entire equity and 0.82 billion of subordinated long-term debt i.e. 5-0.82=4.18 billon.

Management of net interest income (assets/liabilities mismatch)

Examples of rates offered by a bank to its customers

Maturity (years) 1 5

Deposit rate 3% 3%

Mortgage rate 6% 6%

Interest rates are equally likely to increase and decrease in future. Investing money for one year and reinvesting for four further on-year periods gives the same expected overall return as a single five-year investment.

The chances are that you would choose one year because this gives you more financial flexibility. It ties up your funds for a shorter period of time. Borrowing money for one year and refinancing each year for the next four years leads to the same expected financing costs as single five-year loan. The chances are that you would choose a five-year mortgage because it fixes your borrowing rate for the next five years and subject you to less refinancing risk. It is likely that the majority of banks depositors opt for one-year maturities and the majority of its customers seeking mortgages opt for five-year maturities. This creates an asset/liability mismatch for the bank and subjects its net interest income to risks. The job of the asset/liability management group is to ensure that the maturities of the assets on which interest is earned and the maturities of the liabilities on which interest is paid are matched. One way to do this is to increase the five-year rate on both deposits and mortgages.
Five-year rates are increased in an attempt to match maturities of assets and liabilities

Maturity (years) 1 5

Deposit rate 3% 4%

Mortgage rate 6% 7%

This would make five-year deposits relatively more attractive and oneyear mortgages relatively more attractive. Some customers who choose one-year deposits will switch to five-year deposits and some customers who chose five-year mortgages will choose one-year mortgages. This

may lead to the maturities of assets and liabilities being matched. If still mismatch the five-year deposits and mortgage rates could further be increased. Nowadays banks with sophisticated systems can detect small differences between the maturities of assets and liabilities and finetune the rates they offer.