Bankers Information Service - Financial Risk Identification: Most Critical, Least Understood (Part 1)

Home Senior Management Compliance & Audit Risk & Finance Operations & Tech Lending Tools

Financial Risk Identification: Most Critical, Least Understood (Part 1)

The task of management understandably involves the identification, measurement, monitoring and controlling of risk. This article proposes that, while the financial field has done well in the areas of measuring, monitoring and controlling risk, it lacks a framework for risk identification.

Two observations are immediately relevant. First, there is literature in the field which deals with risk identification as conducted by financial regulators. But this literature indicates that regulators are primarily concerned with systemic risk and have little to say about pre-systemic risk, such as institutional risk. Where regulation does address institution risk, such as in the proposed Basel II rule, the work is on risk codification rather than identification. Basel does not claim to identify new risks.

Second, the main reason that so little has been said about pre-systemic financial risk identification is because it is only marginally amenable to quantification. Instead of dealing with numerical instances of observed past events, risk identification very often relates to risks that are emerging, or which have not yet been recognized and so cannot be quantified.

The Quirks of Financial Risk Identification

Financial risk identifiers tend to live outside the box with a what if mindset. They are inquisitive, questioning aberrant events and anomalies to accepted wisdoms. They tend to be suspicious, and almost by definition risk-averse so that, compared to a population mean, they are in the order of two standard deviations out on a risk tolerance scale. Sometimes, as well as being inquisitive, they are downright pessimistic. They seem forever to be assuming that what can go wrong probably will go wrong. Strangest of all they prefer possibilities to probabilities, that is to say, the unknown to the known. Their mission tends to be as paradigm-breakers rather than paradigm-makers.

Risk identifiers look out on a world that is often messy. Their gatekeeping role is to introduce an ordering function which allows the senseless to make sense, in particular where it contains the potential for harm. The absence of such gatekeepers can be catastrophic. A large number of financial disasters have been the result of failing to heed their warning signs, from Continental Illinois to Long Term Capital Management.

The purpose of this article is to provide some framework in which to operate when the risks in many cases cannot (yet) be quantified. It is hopeless to look out on a world and simply say that everything poses a potential risk. What looks like chaos is that in which we have not yet found the order. The work on catastrophe theory by Rene Thom (Structural Stability & Morphogenesis) figures in this area. The mathematics involved go beyond the assumption of the continuities underlying differential calculus, and state instead the mathematical patterns of discontinuities in a system undergoing what Thom called morphogenesis. On a conceptual level the same task of ordering change is expressed in Malcolm Gladwell’s The Tipping Point, where some conditions under which circumstances can abruptly change are discussed at length. In Blink, Gladwell explored how understanding does not necessarily come from reason and quantification, but can equally arise from intuition. But how are we to introduce a form to this process, so that we can use it in a coherent exercise of financial risk identification? That is still the open question.

Making Sense of Risk Identification

A promising start lies in the application of structural-functionalism, since what we lack are structures and functions in a land of unidentified financial risk. In particular we look to apply structural-functionalism in the context of financial practices and processes. Finance is the performing of financial functions which are well known, and have long since been identified. The functions are innumerable, stretching in the area of credit risk alone, from the risks inherent in the borrowers of loans to the risks inherent in the counterparties in investment transactions. The functions in which financial risk operates are also found in interest rate risk, information and technology risk, all the way through to operational risk. Few if any of these risks are intersecting. But they are well known.

So too are many of the structures in these risks. We can describe the interest rate risk of a collateralized mortgage obligation to an elaborate degree, using first and second derivatives in the duration and convexity of instruments, and creating option-adjusted spreads in stochastic environments using option pricing models as advanced as LIBOR market models, which rely not only on observed market prices, but on the observed spot rates of LIBOR instruments. And yet, if the structures and functions are so elaborately developed, why is the task of risk identification so profoundly misunderstood? The answer in this example is that the application used is to observations on existing structures, not to emerging ones, or ones in which risk, coagulating into clusters with a critical mass, may have as yet only the potential, and not the actuality of harm.

There are a number of tasks the identification of emergent and potential risk requires. These are:

A strong preference for seeking the emerging financial risk over the known one;
Noticing aberrant events;
Being sensitive to negative occurrences in uncertain contexts;
Seeking tipping points;
Using an open framework to assess and evaluate events;
Exhibiting a willingness to take a stand if a risk is found to exist, and to explore the level of risk that this contains.

Moving Beyond Structured Finance

The risk identifier has to keep in mind that structures and functions can be hard and veridical as just described in structured finance, or they can become increasingly soft. One begins to see this as one lays structural-functionalism across institutional processes. It is at this point that risk identification separates those who blink, in Gladwell’s terminology, from those who do not.

To diagram this thought let us lay out where we have come so far. The variables in emerging risk evaluation lie within the 3-D space shown in Exhibit 1. Risk can be spelled out from no risk to high risk, based on the analysis one performs and the assumptions one brings to bear on a given risk cluster. A wide array of structures can be found within institutions to perform a multiplicity of functions, using a host of different processes. This is the utility of using a structural-functional approach to risk processes. It can be applied regardless of the institution. Banks have one set of broadly defined functions that are required for the ongoing services that banks provide. Brokerage houses, by contrast, would have an entirely different set of functions, as would insurance companies.

Exhibit 1: Risk Evaluation Variables

This article suggests that structures, functions and processes can be assessed in terms of goodness of fit across each of the axes just described, and certain questions thereby asked. In a risk identification, the key question is: are there dysfunctional structures using less-than-best practices (processes) to the point of creating potential or emerging risks to an institution? Answer this, and you have a powerful standard against which to identify an emerging risk.

One also has a clear pointer as to where to look. One works by pointing a finger and saying that this structure, function and process presents a significant risk to the institution. It takes some courage to do this. There is a true story about how one risk manager counseled ALCO strongly against taking on a reverse index-amortizing swap in late 1993. The derivative, being large, stood to lose $50 million if rates rose 300 bps. The risk manager was irate, calling it bad banking. This only earned him a trip to the woodshed. Rates rose 300 bps in 1994. The only thanks the risk manager received was the demand a year later that he produce the ALCO minutes evidencing his warning to executive management, after rates had risen and the swap did indeed lose $50 million.

When Clusters Become Critical

Risk identification is not for the faint of heart. Almost by definition it involves specifying some cluster of risks to be critical and risky, when everyone else has signed off on the action or process. Defenses of denial and recrimination kick in almost immediately. It is important to distinguish risk identification from whistle blowing. The latter is asking for trouble. A risk identifier has to draw on many skills, not the least of which is tact. They have to pick their battles. There are some risks that it is worth a little venom to expose. The rest? You just walk away.

Critical clusters of risk often involve closed cultures and inbred processes. That is partly why they grow to the level of being critical risks. But sometimes we just have to admit that the consequences of some emerging risks are too difficult to play through. Who, for instance, foresaw that the raising of interest rates by the Fed in 1981-82, so the prime rate came to exceed 20%, would have the effect not just of wringing inflation out of the system, but of bankrupting the thrift industry as well? It was unprecedented. No one knew how far and for how long the Fed would have to keep rates somewhere beyond the stratosphere to accomplish its task. For the thrift industry it was too long.

The idea that there might be such a thing as a critical cluster of risks is the starting point to any viable risk identification. By then superimposing a structural-function approach, we put ourselves in a better position to explain why some clusters are critical and others are not. We have a better understanding why sometimes risks can spread like wildfire, and at other times they flare up briefly and then die out. The risks one wants to name fall in the category of wildfires with a potential for escalating into full scale firestorms.

In the mix of a risk identification of structures, functions and processes, the key lies in poor processes. There will always be structures serving financial functions. It is a question of how we go about systematizing this. Structures can be subverted by poor processes to create financial dysfunction. This is the predominant sequence of cause and effect. By stating the most likely primary catalyst, which lies in processes, we give the risk identifier a place to start.

It is people who create processes. If the professional colleagues in a financial institution are part of the problem, they are also part of the solution. Whatever has been created can also be prevented by accepting that the processes are flawed, so that we can fix them. From there, risk identification becomes a process of reflective self identification within the financial institution, and the case becomes ever clearer why, when things go badly wrong, in financial cases, the institution may only have itself to blame.

Part 2 of this series will continue the discussion on identifying risk with an introduction to the 2007 mortgage banking crisis.

Jeremy F. Taylor, National Credit Union Administration

(The opinions expressed in this article are the author’s own and do not necessarily reflect those of NCUA.)

< Previous article		Next article>

[ Back ]

Management Tool of the Month

Director/Senior Management Information Security Self-Assessment Checklist

| Contact Us ][ Subscribe ][ 7-day Trial |