section iii operationalizing a risk management strategy
TRANSCRIPT
Section III
Operationalizing a risk management strategy
To Hedge or Not To Hedge
(Derivatives Strategy,March 1996, Vol.1 No.4)
Writer: Joe Kolman Illustrator: Richard Estell
Contents © Copyright 1997 Derivatives Strategy. All rights reserved. [email protected]
Overview
1. Understanding risks
2. Formulating a risk management strategy
3. Define strict rules for the tactical use of risk management
4. Set up a proper corporate control structure
5. Organizational and operational aspects
To what risks To what risks the company is the company is exposed – “a risk exposed – “a risk audit”audit” Define the strategy of Define the strategy of
risk management risk management (which risk (which risk management instruments can management instruments can help to attain corporate goals help to attain corporate goals and avoid the risks)and avoid the risks)
Strict rule for Strict rule for tactical use of risk tactical use of risk management has to be management has to be defineddefined
Finally, a Finally, a proper corporate proper corporate structure has to be structure has to be created in order to created in order to control the use of control the use of risk management risk management toolstools
11
22
33
44
These are the different stage a company should follow in order to have an efficient risk management program and company control.
Take calculated risks. That is quite different from being rash.
George S. Patton, 1944
1. Understanding risks
Risk analysis allows you to understand your exposures…
… and its impact on your bottom line.
Georges Clemençeau, French prime minister at the end of the First World War, once said: ‘War is too serious a thing to be left to generals.' I consider risk management too serious to be left solely to risk managers.
Eric Albrand, CFOSeita
Risk, July 1996
2. Formulating a risk management strategy
Where have we been ?Where are we now ?Where are we going ?
Risk analysis was primarily judgmental
Very little risk differentiation across risk grades
Focused on rank, ordering relative risk
Little use of sophisticated decision support tools (software, default models)
Risk analysis has become somewhat
more quantitative
Better risk differentiation overall, but not in the higher-risk zone
Still focused primarily on relative rank ordering of risk
Some use of decision-support, not widespread in decision-making
Risk analysis more quantitative, supported with technology links to other information sources
Better risk differentiation in the higher-risk zone
Explicit calculation of default probabilities
Explicit use of multiple decision-support models
Know the economic value (risk-based) of each finance-related decision.
THE EVOLUTION OF RISK MANAGEMENT
Define the strategy of risk management
Risks to retain
Risks to hedge Risks to
insure
Source: Statoil
Risk management is not a trading function. Rather, it is a means to reach a corporate goal.
How do you get a risk management strategy in place?
1. Board gives go-ahead for development of strategy
2. Treasurer, CFO or other person gets responsibility for a team that will draft a strategy.
3. The process of drafting requires information gathering:• Corporate risk profile• Tax issues• Internal accounting issues
4. Proposed strategy accepted by board – then work on implementation modalities will start.
Elements of a strategy
- degree of risk aversion
- scope of risk management (corporate, projects, deals…)
- instruments/markets to be used (OTC, futures)
- time horizon
- budget for risk management
- organizational aspects
- how will the risk management operations fit within the larger strategic goals of the company?
Constraints that will influence the strategy:
- Budget
- Ease of access to hard currency
- Relationship with banks (availability of credit lines for hedging)
- General regulatory requirements (e.g., RBI guidelines; for example, could GAIL act as a «broker» for its client companies?)
- Company-specific regulatory requirements (e.g., many public companies are not allowed to « speculate », but how is this defined?)
- Public perception
- Tax regulations
- Skills available in the company.
3. Define strict rules for the tactical use of risk management
The philosophy is, day to day, be relatively decentralized but have strong central guidelines on risk mandates.
Eugene B. Shanks, Jr., PresidentBankers Trust
Business Week, October 31, 1993
Management sets the long-term risk management strategy with strategic benchmarks. Tactical risk management consists of deviations around these benchmarks, to benefit from short-term opportunities.
This implies that those engaged in tactical risk management operations have to function within strict mandates.
These mandates have to be codified in a procedures manual. Among others, this sets up a system of authorizations and approvals.
Management
Operational staff
Strategy
Benchmarks
Proceduresmanual
Targets, limits
Context
The company needs to define, from time to time, limits for the « tactical » risk management in terms of percentages of future exposure to be hedged:
Source: Alabama Electric Cooperative
Maximum
Minimum
Effectively hedged
As of January 2004
Operational guidelines can include risk management targets in terms of (minimum/maximum) prices to be locked in, or in terms of when to hedge future exposure.
Prices as compared to Target percentage ofhistoric average exposure to be hedged
Bottom 40 % 40%Bottom 30 % 50%Bottom 20 % 65%Bottom 10% 80%
Time until exposure Min/max percentages ofexposure to be hedged
3 months 50% - 110 %6 months 30% - 70%1 year 20% - 60%
These limits and targets should be revised regularly by senior management. This is where forecasts come in.
Relying on forecasts is not a good way to manage risk. Anyone able to make consistently reliable forecasts would not work for you, but become an independent billionaire. However, assuming that things will remain unchanged, or avoiding thinking about the future, is in itself an implicit forecast.
So incorporating forecasts into the limits and targets for tactical risk management is the proper thing to do. For example, if a producer believes prices will increase, instead of hedging a minimum of 40% of exposure one year before it occurs, it could be reduced to 20%.
Clearly, the « strategic » part of price forecasts needs to be sorted out at senior level, and should not be left to individual traders. Otherwise, these latter could be paralyzed in their day-to-day trading with worries about whether their forecast was wrong. Traders do not have the job of making forecasts.
In terms of policies and procedures, the company has to deal with four sets of issues:
What will be the procedures that need to be followed?
Who will be responsible for what, and what will staff be authorized to do?
With which outside parties does the company deal, and how?
What will be the general policies on risk management?
What will be the general policies on risk management?
These should be spelled out in a written document, to be approved by the Board of Directors. Would include:
- the overall reasons for using risk management instruments (philosophy, objectives)
- the purpose for which particular types of instruments should be used
- limits for acceptable market and counterparty risks
The procedures manual will deal with procedures.Among others:- job descriptions and segregation of duties- what instruments can be used; and what are the procedures to get approval for use of new instruments- how should transactions, margin deposits and subsequent changes in value of the contracts be recorded and reported- procedures for reconciling traders’ inputs, brokerage statements and financial transfers- the accounting for hedging activities (issue here: how does one reflecting the relation between futures market positions and inventories, commitments etc.)
What will be the procedures that need to be followed?
In recording risk management transactions, one needs to ensure that three criteria are met:
- completeness: all transactions recorded, and all recorded data are retained.
- accuracy: recorded transactions are mathematically accurate
- timeliness: transactions are recorded promptly.
The company needs several risk reports:
- overall Value at Risk of the company (risk of the company losing more than x $ over, say, next month)
- VaR of company units
- profit & loss report (shows difference in value in firm’s portfolio between two dates)
- mark-to-market report (how much does the firm owe, or is owed, on a given portfolio at market prices. Is an indicator of cashflow risks)
- the «greek» report (sensitivity of portfolio to
changes in underlying market values)
- the position report (list of all positions)
Board
Divisional managers
Back office
Traders
The company needs to: - assign functional responsibilities to management and staff (who will negotiate, approve, execute and review? Who will be
responsible at senior executive level?) - develop a proper reward structure for traders and their supervisors- specifically authorize specific traders and supervisors for the kind of transactions they can undertake (position limits, types of instruments that each person can use).
Who will be responsible for what, and what will staff be authorized to do?
For futures trade:- get to know the brokers, and select the ones with whom to work - ensure that brokers know who in the company is authorized to initiate what types of trade- ensure multiple contacts with brokers: persons independent from the traders who initiates positions should receive trade confirmations.
For over-the-counter trade:The key issue here is counterpart risk. First the counterparties, then the deals. Ensure pre-qualification of (and with) several possible OTC counterparties, then “tender” deals between them. Define maximum credit exposures.
With which outside parties does the company deal, and how?
How do you measure success?
One does not measure the success of hedging in terms of «profits made». In an economic cycle, if prices are rising, a producer will automatically make losses by hedging (because he is locking in today’s prices rather than receiving tomorrow’s higher prices), and in the downward part of the cycle, the producer will make hedging losses.
Rather, one should compare the outcome of risk management practices not just with «no hedging», but also with a number of «no thinking involved» strategies, e.g., full, automatic hedging with futures, or «30% hedging with futures, 30% with options, rest unhedged».
4. Set up a proper corporate control structure
Investment in derivatives should always be preceded by investment in controls.
Arthur Levitt, SEC ChairmanRisk/Emerging Markets, April, 1996,
Risk management can raise 3 kinds of Risk management can raise 3 kinds of problemsproblems
IncompetenceIncompetence SpeculationSpeculation AbuseAbuse
Human error and Human error and omissionsomissions
Bad choice of toolsBad choice of tools
Bad choice of strike Bad choice of strike priceprice
Timing problemsTiming problems
By being too much By being too much confident in the confident in the market’s trendmarket’s trend
To cover some To cover some previous mistake or previous mistake or losseslosses
Fraud and white collar Fraud and white collar crime (crime (i.e.i.e. capital capital flight,flight, embezzlementembezzlement))
To prevent misappropriation, fraud, error or risk-enlarging use of risk management instruments, it is essential to set up a good company-level control structure before use starts
These risks should not be These risks should not be underestimated, and one should underestimated, and one should not lightly start to become active not lightly start to become active in risk management markets.in risk management markets.
SpeculationSpeculation
Temptation to speculate with Temptation to speculate with the company’s money is very the company’s money is very large, becauselarge, because
Successful speculation Successful speculation brings large profit with brings large profit with direct reward for those direct reward for those responsible responsible (public (public recognition, promotion, recognition, promotion, large salary increases…)large salary increases…)
A faulty speculation A faulty speculation doesn’t cost the individual doesn’t cost the individual much moneymuch money
Optimist speculator Optimist speculator usually emphases usually emphases the problemthe problem
Speculator may hope that Speculator may hope that he will be able to hide he will be able to hide losses long enough to losses long enough to allow him to make a allow him to make a profit sufficiently high to profit sufficiently high to offset these lossesoffset these losses
To avoid it, it To avoid it, it would be naïve to would be naïve to simply rely on simply rely on individuals’ sense individuals’ sense of responsabilityof responsability
Manager Manager dealing with dealing with
losses only when losses only when they are they are
discovereddiscovered
Opportunity Opportunity presenting itselfpresenting itself ++
FraudFraud
Fraud can Fraud can however easily however easily
be avoided quiet be avoided quiet simply by:simply by:
Listening to Listening to rumoursrumours
Limiting as Limiting as possible the possible the opportunities opportunities
of fraudof fraud
The risk management disasters of the 1990s have a number of factors in common. These factors are nothing new; indeed, similar management problems have led in the past to large losses in real estate lending, or even in letters of credit financing.
E.g., option premiums are E.g., option premiums are reported as real profits; or losses reported as real profits; or losses are carried over from one year to are carried over from one year to
the next.the next.
While systems were put in place, While systems were put in place, the control philosophy never the control philosophy never
became part of the company’s became part of the company’s way of operating. way of operating.
FLAWED MONITORING FLAWED MONITORING SYSTEMSSYSTEMS
FLAWED MONITORING FLAWED MONITORING SYSTEMSSYSTEMS
INATTENTIVE INATTENTIVE MANAGEMENTMANAGEMENT
INATTENTIVE INATTENTIVE MANAGEMENTMANAGEMENT
Too often, blind trust in one person Too often, blind trust in one person replaced prudential controls and replaced prudential controls and limit-setting. Managers are often limit-setting. Managers are often
afraid to reign in successful afraid to reign in successful traders. traders.
BLIND TRUSTBLIND TRUSTBLIND TRUSTBLIND TRUST
It can be highly tempting to It can be highly tempting to speculate with the company’s speculate with the company’s
money. If things go wrong, one money. If things go wrong, one can blame the markets or the can blame the markets or the
sellers. sellers.
EVASION OF EVASION OF RESPONSIBILITIESRESPONSIBILITIES
EVASION OF EVASION OF RESPONSIBILITIESRESPONSIBILITIES
If overly complicated instruments If overly complicated instruments are selected, managers often do are selected, managers often do
not know how to react when not know how to react when things start going wrong. things start going wrong.
LACK OF COMPREHENSIONLACK OF COMPREHENSIONLACK OF COMPREHENSIONLACK OF COMPREHENSION
In some cases, one single person In some cases, one single person or group sets policy, executes or group sets policy, executes
transactions, monitors transactions, monitors performance and controls the performance and controls the
funds. funds.
NO SEPARATION OF NO SEPARATION OF TRADING, ACCOUNTING TRADING, ACCOUNTING
AND CONTROLAND CONTROL
NO SEPARATION OF NO SEPARATION OF TRADING, ACCOUNTING TRADING, ACCOUNTING
AND CONTROLAND CONTROL
Some examples of typical abuses
Most of the well-reported trading losses were the result of deliberate speculation by individuals, who were able to go ahead thanks to a complete failure of supervision.
E.g., Barings – the same person who traded also reported on the results of the trade, and was able to manage the day-to-day financial implications of these trade (even when he requested much more funds for his trading, senior management did not become suspicious).
In other cases, senior management itself was speculating. E.g., MG Corp. (the US subsidiary of Metallgesellschaft). Massive speculation on the forward curve of oil prices, and no consideration of the costs of maintaining positions.
In yet other cases, individuals lost relatively small amounts of money, decided that if they were to declare this, they would be fired anyway, so they went for double or nothing – and again, and again, as long as senior management remained blind to this. Small losses could thus grow to huge ones. E.g., Codelco, Chile. In some cases, senior management in the company was itself responsible – e.g., the rolling forward of Yen-US$ forwards by Japanese oil companies.
But traders have always shown great initiative in finding new ways to abuse the system. After all, the risk-reward ratio can be quite attractive.
5. Organizational and operational aspects
My investment philosophy has always been that victory in the long run accrues to the humble rather than to the bold.
Peter BernsteinCFA Magazine, March/April 2004
Risk management is not a profit center.
Rather, it is a corporate finance activity. It is a tool to optimize the use of the company’s capital while minimizing the volatility of its earnings.
This implies that the way to organize a risk management is not to set up one group that will deal with it, but rather, to incorporate risk management thinking throughout all parts of the company (and the «risk management group» will then provide services in this regard).
Good organization is necessary for good risk management. Several risks need to be avoided.
The company does not understand the
transactions it enters into
Controls are inappropriate or
inadequate
The management framework is ineffective in
overseeing operations
Expertise in the company is insufficient to monitor
operations
The quality and frequency of management
information is insufficient
The management of risk is not seen as a key driver for business decisions
Support and control functions are not
sufficiently integrated
This puts high requirements on
- business processes; and
- information gathering and processing.
It also requires effective channels of consultation and communication, with well-defined roles at the senior management level.
Past
Single transaction
Focus was on the creditofficer & transaction risks
Credit & Marketing
Recent Past
Credit Officer focused on counterparty risks Account manager focused on marketing & the relationship
PastSingle Transaction
Info requirements included risk rating, deal parameters
Recent PastCredit & Marketing
Info requirements included risk rating, deal parameters, customer data, transaction RAROC
Risk decision makers
Information requirements
Transactionfocus
Risk informationrequirements & business process
is expanding
Business process and information requirements
Transaction &relationship focus
Transaction&
relationship&
portfolio focus
1990s
“Deal Teams” Credit officer focuses on counterpart risks Account manager focuses on marketing & the total relationship Portfolio manager focuses on portfolio risks
1990s
“Deal teams”Info requirements include, default probabilities, deal parameters, customer data, relationship RAROC, optimizationdetailed portfolio data, risk factors, covariance, sector analysis etc.
Business process and information requirementsRisk
decision makers
Information requirements
Transactionfocus
Risk informationrequirements & business process
is expanding
Transaction &relationship focus
Transaction&
relationship&
portfolio focus
Companies need to create a workflow. This will involve different departments. Commonly, core responsibilities are split over four groups:
Responsible for the success of the risk management programme. Can be controlled by firmwide risk committee.
Back office
Middle office
Front office
Responsible for paperwork (confirming, reconciling and tracking positions)
Responsible for placing positions (obtaining risk management offers, pricing, executing transactions)
Internal audit
Ensures integrity of process
Front office, middle office and back office need to be able to work in a seamlessly integrated manner. Having a common software platform is normally a prerequisite for this.
Having an efficient workflow is essential to keep the costs related to operating a risk management programme down. According to BrokerTec, the costs for risk management operations are distributed as follows in the absence of a proper integrated electronic system:
Processing
Trading
Settlement
Clearing
30%
5%
60%
5%
A good, integrated electronic platform can cut processing costs alone by 60%, and settlement costs by 80%
Source: Goldman Sachs
Corporate framework for risk management
Sets company’s risk management objectives
The management committee decides how to execute the Board’s plan on a company-wide basis. Reviews reports of firmwide risk committee.
Source: Goldman Sachs
The firmwide committee:
• Approves limits and review exposure
• Reviews and approves new businesses and products
• Crisis management responsibilities
• Day-to-day responsibility with CFO
• Membership and attendance by most senior executives in the firm, including Chairman and COO
You can also have a specially designated « chief risk officer », who is in charge of the middle office and coordinates all risk management activities.
Enact risk policy, and distribute information
from front office, middle office and back office to
the risk committee.
Front office. Executes strategy.
Communicates risk exposures to division
heads.
This is where the middle office and back office are located. - Monitoring of
positions- Reporting to Division heads
Reconciliation of reports and money flows
There are many software packages to manage all this. See, for example, the lists on http://www.bobsguide.com/guide/fmo.html, or http://www.ibspublishing.com/links/links.htm
The audit committee has to ensure the integrity of the rsk management process. For this, it hs to review VaR, profit and loss, mark-to-market and postion reports on a monthly basis, and should regularly review the methods used to value positions (are the proper models used correctly? Are the proper data sources used?)
There are many similarities between risk management and guerrilla warfare. In guerrilla warfare you « expect the unexpected » and leverage your strengths. You have to understand environmental assets and liabilities and use them to your advantage. Guerrilla warfare is pervasive, predictive and asymmetric. It demands quick and accurate action and reaction; it takes a highly specialized strategy.
As you well understand, risk management is not just another item on the laundry list, squeezed in among the « ilities ». Risk management is guerrilla warfare – the enemy might be coming from the trees or the sea, from the right or left, from the underlying technology, or the design, the organizational culture, or the operational environment. Risk management is the strategy of expecting the unexpected.
Rear Admiral Kathleen K. PaigeThe Guerrilla Guide to Risk Management
INCOSE Symposium on risk management, 2001