enterprise risk management in financial institutions- revelations of the recent credit crisis and...

[Type text] [Type text] [Type text]

Enterprise Risk Management in Financial Institutions

Revelations of the Recent Credit Crisis and Financial Turmoil

“ A smart man always learns from his mistakes, A wise man learns from mistakes of others, A foolish man never learns “ K.Hayes

A n d r e a s Z a r i f i s

Enterprise Risk Management – Evaluating the Systems in place throughout 2007-2008

2 Page Andreas Zarifis

Cass Business School MSc Insurance and Risk Management, July 2008

Enterprise Risk Management

In Financial Institutions

Revelations of the Recent Credit Crisis and Financial Turmoil

Submitted By:

Andreas Zarifis

July 2008

Supervisor

Dr Sotiris Staikouras

This dissertation is submitted as part of the requirements for the award of MSc Insurance and Risk Management




MSc PROGRAMMES

MSc in:____________________________

08 Fall

CRITERIA COMMENTS (Supervisor only) Literature Review

Examination and analysis of information/data

Understanding and coverage of topic

Originality and difficulty

Overall structure of the work

Conclusions

Literacy, style and presentation

GENERAL COMMENTS (Second Internal Assessor)

GENERAL COMMENTS (External Examiner)

70% + 60-69% 50-59% 49% or less Signature Supervisor (name) 2nd Internal Supervisor (name) External Examiner

Student(s) Name(s):_________________________________Date:____ Title of Project: ______________________________________________________

FINAL AGREED MARK

Please enter percentage mark in appropriate Box

(Title of Degree)




Abstract

This study investigates the application of Enterprise Risk Management1 within

Financial Institutionswith focuson the recent credit crisisand financial turmoil.

Forthepastyears,bothacademicsandpractitionershavepraisedEnterprisewide

riskmanagementpoliciesandprocedures inFinancialInstitutionsexhibitinghow

Enterprise RiskManagement implemented as a strategic tool and as part of the

decisionmakingprocess,mayreapoutvariousbenefits.Itmayallowvaluecreation

over the longtermandmitigateunforeseenscenarios thatpreventacorporation

fromreachingitsobjectives.Evenso, implementationisparadoxical, fromalong

termprofithousecentre,toashorttermmarketingcompliancetool.

The recent financial turbulence tested the riskmanagement systems of FI2s and

exposed weaknesses of institutions risk management practices, bringing to

questiontheviabilityofERM.Incontrastseveralfirmsweatheredthestormquite

comfortablywithoutseveredeficiencies.Thedifferentiatingfactorisfoundtolieon

howERMwasappliedandexecutedacrosstheorganization,withspecificareasof

concernandlessonstobelearned.

An outperformance by firms successfully applyingERM throughout the period is

documented. These firms have overcome the recent turmoil without significant

losseswhileotherorganizationsfinancialperformancehasdeterioratedtovarious

levels, even bankruptcy. Furthermore it is found that in those firms that avoided

significant losses senior management played an active role and closely

communicatedwithriskdepartmentsatalltimes.Flexibleriskmodelswereutilized

incorporatingnewmarketconditionsanddecisionsinvolvingnewproductswhere

challenged by various views and perspectives. Lastly, based on results attained,

recommendationswillbemadeonwaystoprogressintermsofimplementingERM

insearchforafoolproofriskmanagementsysteminfinancialinstitutions.

1Inthecontextofthisreportissynonymousto“holisticriskmanagement”,“strategicriskmanagement”and“strategicriskmanagement”intermsofassessingriskandriskmanagementviaacomprehensiveviewandaspronouncedbythe(CAS)CasualtyActuarialSociety

2 InthecontextofthisreportwillrefertoFinancialInstitutions(Banks,Insurancecompanies,Assetmanagementfirms,hedgefunds)

M S c I n s u r a n c e a n d R i s k M a n a g e m e n t




Acknowledgements

First and foremost, I would like to express my gratitude to my supervisor, Dr Sotiris

Staikouras. He has been a true mentor; providing me with invaluable guidance, help

and support throughout the course of this MSc. His professionalism and enthusiasm

have proven inspirational for researching and writing up this paper. Furthermore I’d

like to thank my course leader, Dr Christopher Parsons, his wisdom and manner of

conveying information have been encouraging throughout the year. I would also like to

thank my friends for their encouragement and patience. I am grateful to my father for

his support and understanding and as well as for the sacrifices he has made, giving me

the opportunity to do this MSc. Last but not least, I would like to dedicate this piece of

work to my mother who despite not physically being present throughout the majority of

my life has always been my key motivator in search for knowledge, self-fulfillment and

happiness.




TableofContents

Contents .................................................................................................................................................6

ListofFigures .......................................................................................................................................7

ListofTables .........................................................................................................................................8

DataandMethodology......................................................................................................................9

Chapter1Introduction ............................................................................................................ .11

1.2PurposeoftheStudy........................................................................................................... 15

1.2MainFindings......................................................................................................................... 15

1.3Limitations .............................................................................................................................. 16

Chapter2RiskManagementinFinancialInstitutions ........................................... 18

2.3UpsurgeofRegulatoryScrutinyandCapitalRequirements .............................. 18

2.3RiskManagementinSilos ................................................................................................. 21

Chapter3LiteratureReview.................................................................................................. 23

3.1ERMDevelopmentandFoundations ........................................................................... 23

3.2DefiningandImplementingtheFramework............................................................ 24

3.3ERMinPracticeandIndustryObservations............................................................. 29

Chapter4FindingsfromtheCreditCrisis...................................................................... 33

4.1DriversandImplicationsfromtheFinancialTurmoil.......................................... 33

4.2CaseStudies ............................................................................................................................ 35

4.3FundamentalWeaknessesinERMImplementation ............................................. 37

4.3QuestioningtheViabilityofERM................................................................................... 49

Chapter4Conclusions ............................................................................................................... 41

References ........................................................................................................................................ 54




ListofFigures

Figure1:TheProspectTheory............................................................................................... 11

Figure2:MainCategoriesofRisksFacingFinancialInstitutions ........................... 12

Figure3:GoalofRiskManagementinaStrategicPerspective................................ 13

Figure4:TotalEligibleCapitalasProvidedbyBaselII............................................... 19

Figure5:EconomicCapitalforCreditRisk....................................................................... 20

Figure6:RiskManagementinSilos..................................................................................... 21

Figure7:COSOERMFramework .......................................................................................... 25

Figure8:TheRiskManagementProcess.......................................................................... 26

Figure9:ERMImpactsFourBoardFunctions ................................................................ 28

Figure10:PhasesofTheCrisis .............................................................................................. 33

Figure11:LawsuitsrelatedtotheCreditCrisissoFar ............................................... 42




ListofTables

Table1:Mostsignificantlossessofar................................................................................ 35

Table2:S&PDefiningERMinrespecttoCreditRatingRequirements................ 43




DataandMethodology

Theresearchreportwasprimarilybasedondeskresearch.Themajorityofthe

material was gathered from books, journals and the Internet. The topic in

research has been in discussion for more than a decade but is still at its

embryonic stages of development in practice. As such there are various

limitations in termsofcollectingadequateprimarydata.Despite this, the topic

has attracted abundant literature from academics and research by various

practitioners as (GARP) Global Association of Risk Professionals; (RMA) Risk

Management Association, (PRMIA) Professional Risks Managers Association,

(CAS) Casualty Actuarial Society, (ERMII) Enterprise Risk Management

International Institute, (IRM) Institute of Risk Management, all of which

investigate the benefits of ERM. At the same time regulators have been

promotingsuchframeworks insearchof investorprotectionandinassociation

with specialist practitioners have published various guidance’s relevant to

effective incorporation. (Basel II, 2003);(COSO, 2004); (Solvency II proposal,

2007);(CombinedCode,2003);(SarbanesOxleyAct,2002).

InconsiderationofthecurrentpracticesofERMasecondarytypeinvestigation

wasappliedanalysingtheimplementationofERMthroughouttherecentturmoil

and the weaknesses that have been discovered in Financial Institutions’ Risk

Managementprocesses.Theprimarybasisofthiswasderivedthroughsurveys,

reports and speeches published post‐onset of the turmoil from various

practitioners; as Deloitte, (PWC) PriceWaterhouseCoopers, KPMG, (AIRMIC)

AssociationofInsuranceandRiskManagers,ERMsymposium,(IOA)Instituteof

Actuaries, research companies within the field; Edhec, Navigant Consulting,

(CEPR)CentreofEconomicPolicyresearch,ChartisaswellasCentralBanksand

regulators;FederalReserve,BankofEngland,(IMF)InternationalMonetaryfund

and(SEC)theSeniorSupervisorsGroup.Theseprovidedinvaluableinformation

inrelationtotheresearchfindingsofthisreport.




This report should be seen as an effort to tackle the loopholes that deprive

banks, insurersandother financial institutions fromadequatelyandeffectively

applyingERM.Thisisprovidedbythemarketplayersthatmanagedtoweather

thestormandwithoutsevereconsequencesduetoefficaciousimplementationof

the framework. Most Financial Institutions, especially banks have already

adopted such firm‐wide risk management but there is no empirical evidence

backingthesupremacyofsuchanapproachtothetraditionalriskmanagement

insilos.Regardlessof,theresearchstipulatesthosequalitativefactorsthatincite

Financial Institutions to adopt such an approach and riposte to why ERM is

superior to the traditional departmental riskmanagement approach. Based on

thesuccessfactorsimpliedbythefinancialturmoiltherewillbeintegrationwith

literature findings ensuing the way to adequate risk management systems in

financialinstitutions.




Chapter1:IntroductionPertinenttofinance,riskmanagementemergedin1959andreferredtoportfolio

theory (Markowitz, 1952), it was initially utilised in managing the insurance

portfoliosoforganisations.Theriskmanagementprocesscanbetracedbackto

1974 when Gustav Hamilton pioneered in illustrating the interaction and

integrationofallelementsoftheriskmanagementprocessin“riskmanagement

circle”. Five years on ‘prospect theory’ (Daniel Kahneman and Amos Tversky,

1979)demonstratedtheperverseirrationalityofhumannaturewhenfacedwith

risk,withfearoflosingoften‐outshininggainexpectations,asexhibitedin

Figure1.

Figure1TheProspectTheory

(Padulaetal,2005)

Riskmaybedividedinto2categories(Schroek,2002):

Specific:Thesearerisksspecifictothefirmortheindustryitoperatesandthat

maybediversifiedthroughabalancedportfolioofstocks.

Systemic:Suchrisksaffectthemarketfundamentally,cannotbediversifiedand

expressthedegreeofcovarianceofthedeviationswiththechangesinthebroad

market environment. This risk may be rewarded in the expected returns as

derivedbytheCAPM.3

3CapitalAssetPricingmodel




Figure2illustratesthemaincategoriesofriskfacedbyFinancialInstitutions4.

AnactualexampleandmoreabsoluteproposalofaFinancialInstitution’sriskisillustratedinFigure3

4Thesecategoriescanbefurtherbrokendownintoalargenumberoffurtherriskcategories.SeeSaunders(2008).

5Externalfraud(e.g.3rdpartytheftofinformation),physicaldamage(e.g.earthquake,fire)6Itshouldbenotedthatthereisnoagreeduniversaldefinition.

Figure2MainCategoriesofRisksFacingFinancialInstitutions

OperationalRiskTheriskoflossarisingfrominadequateorunsuccessful internal controls, people andsystems or from external hazardous5events6(BIS,2004).

CreditRiskTheriskthatariseswhenacounterpartyofaloanreschedulesorfailstomakeapaymentoritscreditgradeismigraded(e.g.downgradingofcreditrating)leadingtoeconomiclossoftheFI.(Ong,1999)

MarketRiskTheriskarisingfromassetsandliabilitiesofanFIduetochangestomarketfactorsasinterestrates,currencyvaluesand/orcommodiyorequityprices(Saunders,2008)

BusinessRiskThe risk that arises (other than credit ormarket risk) driven by Fundamentalchanges within the FIs environment thatmay impact its future revenues(e.g. pricewars, threat of entry) (Lam andCameron,1999)

(ERisk.com,2004)




As the Economic landscape evolved7 FI’s interest in risk management grew

considerably. Reacting to such increasing volatilities led to the introduction of

innovative products as forwards, swaps, options and futures. Furthermore as

financial institutions sought to incorporate riskmanagement into theirday‐to‐

dayactivitiesbankersadvocatedonnewmeasuresasValueatRisk,(J.PMorgan8

1994) this was mainly utilised to strengthen internal controls within their

lendingandtradingactivities.Atpresentdayfinancial institutionsconductrisk

managementextensivelyandconsider itasavitalcorporateobjectiveandcore

competence(Raposo,1999).Thisischaracteristicoffinancialinstitutionsasthey

continuouslyendeavourinenhancingtheefficiencyoftheirprocessesaswellas

thewealthoftheirstakeholders,therebydevelopingtechnologicalandfinancial

innovations. Peters goes further arguing that innovation is a prerequisite of

7A)Increasesinvolatilityfrominterestrates,exchangeratesandcommodityprices;B)Regulatorychangesandmodernrequirements;C)technologicaladvances:D)Globalisation.

8RiskMetrics.

Figure3GoalofRiskManagementinaStrategicPerspective

(TDBankFinancialReport,2004)




survival9 in the financial sector (1997). New products develop and markets

integrate aiming to deliver corporate objectives bringing along a number of

complexitiesandriskspreviouslyunheardof.Oneofthefirstacademicstonote

thiswasUlrichBeck(1992),DirectorattheUniversityofMunichwhoargues,the

dynamic aspect of risk is linked to the increasing organisational and

technological complexity within modern societies. Furthermore, Shimko and

Humphreys (1998) point out that bankswith superior risk‐management skills

andsystemssurpasstheircompetitorsbecauseinthelongrunacompany’sstock

willoutperformaslossesareavoided.

Thisreportprovidesanovel literatureexaminingEnterpriseRiskManagement

Drivers and the stage the Financial Sector has reached in effectively

implementing such framework. Surveys convey industry participants’

confirmation of the dominance of ERM in their organizations; findings from

actual market practice are discovered in search for such confirmation,

emphasizinghowwelltheseframeworkswereestablishedandoperatedpreand

postfinancialcrisis.

9AxelLehmann,CROatZurichFinancialServices(2008)argues“Financialinnovationhasbeenakeyfactorineconomicgrowthoverthelast10to20years.Soifwewanttohavecontinuedeconomicgrowthonaworldwidebasis,thatabsolutelydependsoninnovationinthefinancialsector,includinginsurance.”




1.1 PurposeoftheStudyThisstudyhasabinarypurpose

1. To determine the main motivations behind ERM development and the

levelofunderstandingexhibitedbymarketparticipantscorrespondingto

the framework. Academia literature and industry reports prior to the

turmoilwereusedforthispurpose.

2. To investigate how financial institutions applied risk management

practices throughout the financial distress and how effective enterprise

risk management contributed to several organisations’ safeguarding in

lightofstressfulconditions.

1.2 FindingsEnterprise Risk Management implementation was the key factor affecting the

effectivenessofriskmanagementpracticesthroughouttheturmoil.Thisproved

to be the differential between Financial Institutions avoiding significant losses

throughout the subprime crisis and those that sustained considerable losses.

Specifically, those firms that championed ERM throughout the turmoil

successfullyimplementedanumberofcriticalsuccessfactors:

1. Seniormanagementimplementedvigorousoversightofrisk.

2. A wide array risks measures were used that were flexible in terms of

refiningunderlyingassumptions.

3. Data fed in stress testing and Value at Risk models were constantly

updatedandchallenged.

4. EffectiveCommunicationamongstseniormanagement,riskmanagement

functionsandbusinesslineswasemphasised,breakingdownhierarchical

structuresandsilos.

5. Due diligence and judgement pioneered when assessing valuations,

without excessive reliance on external rating agencies, constantly

developingmodelstovaluecomplexorlessliquidsecurities.

6. Robust controls on balance sheet growth, including incentives for




businesslinesadheringtolimitsandextensivemonitoringofoff‐balance

sheetentities.

1.3 LimitationsoftheStudy

1. Aprimaryresearchonthetopicwouldhavederivedmorecompleteand

explicitresults.Duetotheundevelopednatureofthetopicinpracticeand

the lack of appropriate transparency in risk management disclosures

secondaryresearchcouldprovideutmostunprejudicedresults.

2. Despitederiving results fromawidearrayof sourcesandorganisations

thesemaybebiasedtoadegree,reasonbeing,firmsanalysedwithinthis

report may have shareholdings in research companies that have

conducted surveys throughout the turmoil. Thus there may be a

distortion related to publicised findings. In an attempt to mitigate this

manipulation, regulatory and central bank reports have been used to

confirmfindings.

3. The Financial turmoil is still proceeding and affecting firms in various

ways,thusbytheendofthecrisisanumberofnewfindingsmaycometo

thesurfacewithoutbeingmentionedinthefollowingcontext.

4. Financial Institutions analysed within this study have a capital base of

$5bnattheminimum.




This report should be seen as an effort to tackle the loopholes that deprive

banks, insurersandother financial institutions fromadequatelyandeffectively

applyingERM.Thisisprovidedbythemarketplayersthatmanagedtoweather

thestormandwithoutsevereconsequencesduetoefficaciousimplementationof

the framework. Most Financial Institutions, especially banks have already

adopted such firm‐wide risk management but there is no empirical evidence

backingthesupremacyofsuchanapproachtothetraditionalriskmanagement

insilos.Regardlessof,theresearchstipulatesthosequalitativefactorsthatincite

Financial Institutions to adopt such an approach and riposte to why ERM is

superior to the traditional departmental riskmanagement approach. Based on

the critical success factors implied by the financial turmoil there will be

integration with literature findings ensuing the way for the application of

adequateriskmanagementsystemsinfinancialinstitutions.




Chapter2:RiskManagementinFinancialInstitutions2.1UpsurgeinRegulatoryScrutinyandCapitalRequirements

Towards the late 1990’s, RiskManagement caught the attention of the Anglo‐

Saxon Corporate Governance policy makers who endeavoured in finding a

solution to the lack of basic management integrity/competence and weak

internal risk controls. This was brought by a number of internal control

inadequacies(B.Baringsbank,199210),accountingscandals(Enron,200211)and

irresponsible seniormanagement actions (Equitable Life Assurance Society12).

The rise of high company profile failures and scandals had led to corporate

governance and regulatory scrutinywidening its scope, to dealwith risks that

companiesface.Corporationsarenowrequiredtoincreasethetransparencyof

their disclosures and internal control systems which they have embedded to

retain, finance or transfer risk. This can be through a rule base system issued

through legislation as the US Sarbanes Oxley Act 2002 or a principal based

systemastheCombinedCode2003intheUK.

European institutions are directed to comply with guidance concerning their

capital requirements and valuations. Solvency II, a principle‐based guidance

aimed at improving risk management across a Single European Insurance

market. It directs insurers to identify and report risk correlations and

interdependenciesthatsuggesttheuseofEnterpriseRiskmanagementmodels. 10 Nick Leeson a 27-year-old futures trader at the Singapore offices of the bank who managed to los over $1billion of the bank’s money. He concealed his losses as a result of allowing him to get involved in settling his accounts that he exploited by creating an error trading account. He sustained this until he left the bank in 1995. This resulted in the bank’s bankruptcy and was subsequently sold to the ING group (Gapper et al, 1995). 11 Despite not related to financial institutions it is worth mentioning due to the impact it made on corporate governance regulations. The Enron scandal led to 5000 job losses and $1bn in employee in retirement fund losses. This was disguised in Special Purpose Vehicles as no reporting requiremenst are required that were used to book loans as trading revenues (Batson, 2008). They executive management not only fooled investors but also analysts who continued recommending it as a “strong buy” when it was making consecutive losses (Bloomberg, 2008) 12 The oldest mutual life insurer (246 years of age) promising its policyholders more money (in the form of guaranteed annuities) than it actually had for almost more than a decade, (this gap reach $4.4bn by 2001) due to faulty Asset and Liability Management and using dubious actuarial techniques to obscure this. Equitable distributed maximum payouts in the good years (characterized by low interest rates) and inadequately reserved for rainy days (BBC News, 2004). This resulted in more than a million’s retirement funds being slashed. Seven years on, investors are seeking $4.5 from ministers in the UK as the investigation discovered “Serious regulatory failure” when overseeing their operations. (Guardian, 2008).




FurthermoreBaselIIidentifiesthelong‐termuncertaintiesthatexistrespective

to financial institutions operations.Within this setting, theBasel accordswere

formulated to develop and the risk management functions of Financial

Institutions; “From a commercial bank wholesale perspective, from allocating

capital based on generic categories (Banks, Corporate, Sovereigns) to specific

borrowers or institutional debt (Citi Microfinance & Clifford Chance LLP April

2008).”It provides international directives regarding minimum capital

requirements that ought to be held against risks. The following three tiers

(Figure 4) provide eligible provisions on Regulatory capital, as defined by the

BaselAccord.

Figure4EligibleProvisionsofRegulatoryCapitalasProvidedbyBaselIITier1:(CoreCapital)includescapitalanddisclosedreserves(e.g.Qualifiedstock,surplus,retainedearnings)Tier2:(Supplementary–SecondaryCapital)includesundisclosedreserves,subordinateddebt,perpetualdebtandotherdebtandequityinstrumentsTier3:(TertiaryCapital)–IncludesawidearrayofdebtandequityproductsinplacetocoverpartofaFIsmarketrisksthathavenotbeenexternallyverified.13

(BIS,2004)

Furthermore Basel II recapitulates on the use of Economic Capital, this is the

amount of risk capital from a bank’s perspective that would be required to 13Investopedia.comprovideseasytoreadcomprehendibleguidelinesofthese.




remainsolventatagivenconfidence leveland timehorizon.The framework is

incorporated by Value at Risk models, deriving measures for market (VaR),

credit(cVaR)andotherrisks.AnexampleofaVaRcalculationof(EC)Economic

capitalforcreditriskisdepictedinFigure5.

Figure5EconomicCapitalforCreditRiskThe illustration provides the organisation with expected and unexpected lossesproduced by a VaR calculation. The former encapsulates losses arising from dailyoperationswhilethe latter (tailpast3%inthiscase)representsstandarddeviationsfromtheexpectedlosses.Thisexampleillustratesaconfidenceintervalof99.95%.Thiscorresponds to a “AA” rating.Depending on the firms risk appetite and target creditrating,economiccapitalcanbecalculatedlikewise.

(Investopedia.com,2008)

Lastly Basel II defines operational risk14, integrates it with credit risk and

provides threemechanisms bywhich operational risk of increased complexity

may be computed. Thus credit rating agencies and lendersmay be adequately

informed. It aligns regulatory requirements on capital closer to risk but also

introduces amore sophisticatedapproach to riskmanagement.This aspires in

developingariskcultureamongstlenders,wherebythecorporationunderstands

andremainsfocusedonriskasacoreelementofthedesiredstrategy.

14 This definition includes legal risk, but excludes strategic and reputational risk. (BIS, 2004) and isportrayedinfigure2




2.3RiskManagementinSilos

Gainingwideacceptanceforthepastyearsandinfluencingthereformsproposed

by Basel II is management of risks via silos, a method emphasising the

quantification of risks,making use of the latest riskmeasurement advances in

the field (Garside et al, 1999). This method (Figure 6) sets limits across risk

typesandmonitorsandreportsdevelopmentsintherisksilos(Marrison,2002).

Figure6RiskManagementinSilos

TheCaseofanInsurer

(KPMG,2007)

There are weaknesses attached to this approach, for example performance

indicatorsforonebusinesslinemaybedrivenbypremiumgrowthwithoutthe

consideration on how thismay affect the overall risk and capital needs in the

longterm.Likewiseafirm’sdivisionmayunderwriteanamountofbusinessto

increase itsmarketsharewithoutevaluating,understandingorcommunicating




the risk to theoverall enterprise.A firmmayalter its riskprofile andappetite

without full consideration of the implications from various hazards (e.g.

policyholder behaviour, variations in location); Despite aiming to reduce the

overall risk profile it may actually result in increasing the risk for the

corporation,overall(KPMG,2007).AreferencetoanidiombyAlfredEinsteinis

appropriate15atthisstage:

"Noteverythingthatcountscanbemeasured.Noteverythingthatcanbemeasured

counts."

15Thissuitableissuitableforriskmanagementinsilosastheemphasisoftheapproachisonrenderingas

manypossibleriskssusceptibletoquantification(Mikes,2008)




Chapter3:LiteratureReview

3.1EnterpriseRiskManagementDevelopmentandFoundations

Risk managers are required to broaden their scope of responsibilities and

developcomplexprocessesinrelationtothepast.Duetothecomplexityofthe

task associated with the risk management process across the enterprise,

specialist expertise is required. Thus a new management role has recently

emerged,thatoftheChiefRiskOfficer.Thishasbeengrowinginuseandscopeof

responsibilitiesandisusuallyaseniorexecutivetakinganintegralcoordinating

role within the strategic planning process. Since the Chief Financial Officer is

responsible for the overall financial policy of an organisation, the CRO is

requiredtomaintaincloselinkswithhim.

Companies have started considering the importance of such roles and the

implementationofafirm‐wideriskmanagementapproachtotheriskstheyface.

Jointdecisionsarebemade concerninghedgingand insurance and finding the

rightbalancebetween‘retaining’andtransferringrisks,indicatingthedegreeof

correlation between risks. Corporations strive to satisfy key stakeholders in

reachingtheirobjectives,indicatinginterdependenciesandminimisingsystemic

effects.AservicesstudyconductedbyDeloitteonfirmsthatsustainedsignificant

dropinshareholdervaluefounddiscoveredthat80%ofcompaniesaffectedhad

experiencednumerous, interdependent riskevents (KPMG,2007)This implies,

that firms able to manage risk cohesively will result in superior an stable

performance.

Many dominant firms are abandoning their traditional risk silo approach

adopting firm‐wide enterprise risk approach (Lienenberg et al, 2003),

transformingtheirriskmanagementtoEnterpriseriskmanagementasitenables

firms to manage risks in an integrated fashion. Academics and practitioners

argue that ERM may benefit corporations via decreasing stock‐price and




earningsvolatility,increasingcapitalefficiency,reducingexternalcapitalcosts16

and creating synergies between the risk management activities (Lam 2001;

Beasly et al 2006). They argue that generally it increases risk awareness

enhancing both operational and strategic decision‐making. Despite the

increased awareness and amplitude of survey results regarding the popularity

and attributes of ERM frameworks (Hoyt et al, 2003; Beasley et al, 2005)

empirical evidence exhibiting the impact of such program is unavailable

(Schroeck,2002)orscarce(Hoyt,2008).

3.2DefiningandImplementingtheFramework

InSeptember2004theCOSOreleaseditssecondandlongawaitedupdatedERM‐

integrated framework. This model describes key components and risk

management principles for organisations of any size. Compared to the

fragmentedsilostructuredriskassessment,EnterpriseRiskManagementtakesa

broadportfolioapproachtoriskandfocusesonthoseeffectsthatnotonlyhedge

or mitigate risk but also enhances shareholder value (Moelbroek, 2002). The

new framework is complex and the definition17 is not easy to grasp as it was

developedasanall‐inclusivedefinitiontobeusedbyanycompany,profitornon‐

profit,privateorpublicventures.Thisundoubtedlycreatesworkforconsultants,

without guidance it would be hard to implement the model and realise the

benefits due to the complexity in understanding the various components and

their interrelationships. It has to be comprehended that integrating ERMwith

the overall strategy is not a quick and sudden fix but a dynamic process

(Dickinson,2001).Comparedtothepreviousinternalcontrolmodel(1992)the

recentmodelconsistsofonenewobjective;thestrategysetting,whichgrasping

isvitallyimportant.(Bowlingetal,2005)

16 In2006Standard&PoorsupgradedMunichRe from“A‐“ to “AA‐”partlydue to robustERMpractices(Hoyt,2008)

17“Enterpriseriskmanagementisaprocess,effectedbyanentity’sboardofdirectors,managementandotherpersonnel, applied in strategy setting and across the enterprise, designed to identify potential events thatmay affect the entity, and manage risk to be within its risk appetite, to provide reasonable assuranceregardingtheachievementofentityobjectives.”(COSO,2004,p2)




ERMrequires firstabroadrecognitionof thestakeholderswithintheobjective

setting, allowing interestedparties to consider and act daily on themission of

contributingtotheachievementofgoals.Theeighthorizontallayersidentifythe

chronological approach required to achieve eachof the four objectives.This is

founded on the latest risk management process produced by a myriad of

international standards. Startingwith the top layer the company firstneeds to

understand its appetite for risk as part of its internal environment before

beginningitsRiskManagementprocessandthethreebottomlayersexhibitthe

internalcontrols,needberequiredtomanageandmonitorrisksdaily. The3rd

dimensional aspect of the framework exhibits the different levels of the

organisation,startingfromlefttoright,fromenterpriselevelnarrowingdownto

endatthesubsidiarylevel.18ThisisillustratedinFigure7.

Figure7COSOERMFrameworkAnIntegratedApproachAcrosstheStrategicSetting

(COSO,2004)

As previously mentioned, ERM requires a disciplined top‐down process (as

provided by Figure 8); robust parameters for policies and internal control are

18ThisdependsontheFIssizeandstructure.




necessitatedatexecutivelevels(Walkeretal,2002).OnceBusinessunitsarefed

the information and implement the strategy, managers closest to risks are

required to feed back information centrally so as to formulate, amend and

monitortheoverallriskpolicy(Dickinson,2001).Businessunitdelegatesmust

haveacertaindegreeofresponsibilitytocombatbusinessline’exposuresbefore

thesebecomesevere.

Figure8TheRiskManagementProcess

ACorporateFrameworkRequiredforEffectiveImplementation

(Chapman,2006)




Since corporate governance codes make top executives liable, audit functions

have to be made independently from executive functions; (Combined Code

2003)(SarbanesOxleyAct2002)theboardofdirectorssetsapersonresponsible

for the audit committee clearly defining the risk audit function including an

overview of their top management. Subsequently the board of directors is

responsiblefortheERMofthecompanyaccountabletoshareholdersandother

stakeholders. TheChiefRiskOfficer ideally, shouldprovide a linkbetween the

executive committee and operations of the corporation in addition to liaising

with the non‐executive committee, subsequently providing an independent

assessmentandguidancetoshareholders(Lam,2003).

Enterprise Risk Management ought to be embedded within the corporate

strategy of an organisation as the activities used to reach objectives largely

dependon the resourcesandorganisational structure it chooses touse,within

theuncertainenvironmentoftheoperation(Vijentra,2006).

Itcanonlybemeasuredasthedifferencebetweentheinitialsettingofobjectives

and theactualoutcomesof these,both in termsof variance from theexpected

distributionaswellasthedownsidefailureofmeetingtheseentirely(Walkeret

al,2007).Forquotedcompanies,themorealignedarecorporateobjectiveswith

shareholder values the more transparent to enterprise risk will be the stock

market price assessments (Schroeck, 2002). Figure 9 exhibits the effect a

comprehensiveERMframeworkmayhaveontheboardofdirectors.




Figure9ERMImpactsFourBoardFunctions

TheseimpingeonShareholderValue

(Garratt,2003)

Insurance,hedgingandotherfinancialriskdecisionsdemandcoordinationwith

the corporate treasury and capital structure. Both risk retention decisions on

insurance and hedging and their aversion to risk (choice of deductibles and

strikeprices)oughttobedeterminedjointlyasbeingundertheEnterpriseRisk

managementumbrellaastheywillbeprobablynotbeindependent.(Dickinson,

2001)

Throughoutaperiodwherehedginginstrumentsareexpensiveandinsuranceis

goingthrougha“Hard”market19astrategicplanoughttohaveeffectiveinternal

controls in place andminimise operational risks. Thiswillminimise excessive

insurance costs from economically unfair rates. Through an Enterprise risk

management approachwhereby all risks of a strategicportfolio are taken into

19Thisisduetothetheoreticalphenomenonknowsastheunderwritingcyclewherebyinsurancemarketsswingbetweenhardandsoftmarkets.Throughoutahardmarketinsurerstrytocoverforanypreviouslossesincreasingratesandreducingsupply.




account one can more easily monitor and alternate the risk appetite of the

organisationandcounteractsystemiceffects.

3.3ERMinPracticeandIndustryObservations

AsurveyconductedbytheConferenceBoardandMercerOliverWymanin2004

surveyed271executives.Aproportionof91%ofthosequeriedhaveunderstood

theimportanceofacceptingERMorareactuallyimplementingitinpractice.The

survey also derived that 93% of those responsible for assessing risk in their

organisationwhereriskorfinancialmanagers.Respondingtothemaindriverof

ERM66%saidduetocorporatecompliancewhilstoptimistically60%rankedas

importanttheunderstandingofoperationalandstrategicrisks.Cynicallythough

only 11% have formally adopted tan actual framework. This stems from the

complexity of the model and the compliance priorities of organisations on

review.(MITSloanReview,2006)

Anotherdiscoverywasthatonlya fifthofthosesurveyedtakeinventoryofthe

criticalrisksfacedbytheirorganisation;fromthisminorsegmentmorethanhalf

respondents found ERM helped make better informed decisions as well as

improved communication between the executives and the board of directors.

Furthermore organisations that had a fully integrated approach on ERM

reported that it produced better management consensus, assessment and

understanding of key risks 83%, compared to the 36% for all other

organisations. The companies that fully integrate the framework also reported

increasedtransparencyandmanagementaccountability. Itcanbederivedthat

thosewithadvanced integratedapproacheswhoviewedriskmanagementasa

central discipline derived the full extent of advantages, in contrast to the rest

thatimplementacompliance‐drivenmodel.Thisisreaffirmedbyanothersurvey

conducted by Deloitte in association with AESRM in 2007 exhibiting how the

majorityof financial institutionscontinue tomanageriskat the traditional silo

level, thus concealing potential interdependencies of risks and financial

indicators and with the potential exposure of financial institutions to acute




losses. In addition, such isolation may exacerbate dangers attached to new

business lines, thus stifling competition and forgoing growth opportunities

(Kopp.G,2007).Thisexposesfinancialinstitutionstospeculativethreatsinthe

futureduetothechangingeconomiclandscapeandevolutionof4factors:

“EraofRegulation”:The increasingsophisticationofregulatoryrequirements;

from Sarbanes Oxley act and Combined Turnbull Guidance, both increasing

responsibilitiesandtheintegrityofdutiesoftheboard;toBaselandSolvency;all

nowrequireorganizationstocaptureinformationonabroadrangeofrisksthat

may affect theirmarket or operations. As this sophistication increases, so too

must senior management’s and the board’s understanding and related

responsiveness.

Complexity:Duetotheincreasingnatureofnewproductsandcomplexitiesthat

arisefrombusinessmodelsandinterrelationshipsbetweenorganizations,there

needstobeamoreholisticapproachtomanagingrisk.

Connectedness:Theincreasinginterdependencybetweenoperations,risksand

controlshasbecomeevident.Thetraditionalsiloapproachcannotcapturethisas

it leaves too many gaps and does not provide an overall evaluation of an

organization’sriskposition.SomeERMadvocatesrefertoitascommonsenseas

riskbytheirinherentnaturearedynamic(LamthepioneeroftheCROfunction,

2003).Onceasystematicprocessreachesacrossthefunctionsanddepartments

and promotes the sharing of risk and control knowledge, only then can the

correlationsand interconnectednessamongst riskbe trulycaptured.Theseare

thefundamentalsofERM.

MarketForces:Riskmanagementhasbeenenforcedtoseniormanagementand

boardlevelduetovariouscorporatescandals(e.g.Enron,WorldCom)thatforced

boardmembers todigdeep into theirpocketsand settle shareholder lawsuits.

Subsequently Directors have rushed to educate themselves in terms of

understandingarangeofrisks.Atthesametimeexecutivesarepaidexorbitant




bonuses,evenwhenfailingtoincreaseshareholdervalue20.

ErnstandYoungconductedasurveytargetingLifeinsurancecompanies(2008).

In contrast to itsprevious survey (2003)68%respondents statedhavingERM

policiesinplace,23%areintheprocessofdevelopmentand9%areplanningto

developone.ThesurveyexhibitsthatERMisworkstillinprogressandhavenot

yet been fully integrated in companies’ systems andpolicies. Most companies

have formally developed ERMmission statements, principles, procedures and

ownershipstructuresbuthaveyet toaddressthedynamiccharacteristicof the

processasriskaggregation,tolerancesandlimitsandhowtoidentifyemerging

risks.AfindingrelatedtoCROs,isthatdespitehavingaseatatthemanagement

table, 81% stated influencing; product design, pricing and investment strategy

relateddecisionbuthavenoinfluenceonstrategicplanningandfeelsomewhat

that their contribution is rather implicit rather than a consequence of some

formal explicit oversight. Moreover, regardless of the increasing awareness at

board level of risk management other business priorities21 may draw their

attention.

It isyet toberealizedhowimportantriskmanagement isnot inbuilding long‐

term value creation nor have companies clearly understood the depth of

operational and cultural change required to implement the framework

effectively.Significantgapsremainpresent,andcertainareashaveyettomature

in order to promote a disciplined and rigorous approach. Work is needed to

integratefirmsERMpracticestoinfluencestrategicdecision‐making.Thereisa

variabilityoftasksaddressedtoCROsbutthereisalongwaytogobeforetheir

formal risk oversight, aggregation and risk taking evolve and strengthen to a

required degree. Risk measurement should be invested in heavily, so that

sophisticationincreasesincorporatingallcriticaldataneededforriskreporting

anddecision‐making.TheincreasingengagementbytheC‐level22hasbeenfound

20ThreeformerexecutivesofUBSwhoundertheirmanagementledthebankto$38bnlosseslastyear,shareda$87milbonusfromSwitzerland'sbiggestbank(timelesonline.com,2008)

21Asincreasingmarketshareorseekingshort‐termprofit.22C‐levelpostulatesaChiefposition(CEO,CFOandnowCRO)




tobeencouraging,however,risk leadershipeducationespeciallyatboard level

requiresaugmentationtoassertthesustainableevolvementofriskmanagement

within decision‐making (IBM‐CFO survey, 2008). CROs and other Risk

managementexecutiveswillhavetoimprovethequalityoftheircommunication

with executive andboard leadership.Critical formoving risk leadership to the

nextlevelrequiresstrongerfunctionallinksandbettercommunicationbetween

allriskstakeholderswithinorganizations.Noccoconfirmsthisbyarguing“While

ERM maybe straight forward conceptually, its implementation in practice is

not”(2006). The industry has experienced years of consolidation and

reorganization of departments, incorporating risk silo management. Common

creditortradinggroupsdoexistbutveryfewbanksorFIsactuallyreorganizeto

takefulladvantageofanERMculture(IBM‐CFOsurvey,2008).

Restructuring in financial institutions may be required due to a merger or

acquisition, this involves integrating processes, methodologies and

Infrastructure, these need to be realigned (Atkins et al, 2008) as “legacy

systems23” may be developed. The most daunting task is to consolidate IT

systems,astheymustincorporatesystemsfromvariousdepartmentsandlevels

andatthesametimemaintainaregulatoryreportingstandard.ITisasignificant

amount of investment in financial institutions; the problem arises when such

systemsmeet both external and internal requirements, as these remain static.

However, the market environment is constantly changing with an upsurge of

bothcreditratingagencyandregulatoryrequirements.Firmscannotexpectthat

historicalsuccesswillspeculativelyprevailbutmustdynamicallyimprovetheir

systemsenhancingtheircompetitiveadvantage(s).

Thisleadstotheconclusionthatorganizationsneedtobecomemoreefficientas

the more accurate the risk measures are employed; the more effectively the

financial institution may compete in cutthroat competitive environment.

23Computersystemsoperatingforalongtimeandduetothevitalityofthefunctiontheyservecannotbeeasilyupdatedorintegratedwithnewsystemsofadvancedtechnology.




Chapter4:FindingsFromtheCreditCrisis

4.1DriversandImplicationsoftheFinancialTurmoil

Recent market events indicate a number of risk management lessons for

financial institutions. Before the recent turmoil the banking system was

characterisedbystrongbalancesheets,rapidgrowth, innovationandrelatively

fewbankfailures.Suchstatuswithinthemarketbredasenseofoverconfidence

among bankers and investors leading to underestimation of risks and lack of

understanding that such statemaypotentially come toanend.This greedwas

fed into the housing market that was exhibiting an upward trend and led to

blindness in consideringwhatmay result froma disruption to such trend and

housing prices falling (Kohn, 2008). The timeline of events is depicted in the

followingparagraphandsummarisedinthefollowingpage.

Figure10PhasesoftheCrisisAnatomyoftheStorm

(Saunders,2008)




Financial institutions made hefty losses due to concentrated exposure to

securitisation of U.S mortgage related credit. Despite having an inadequate

understandingofCDOs24andrelative instruments’ inherentrisks theyretained

large exposures on them. This resulted in major losses on such holdings and

substantially affected both their earnings and capital positions. Furthermore

failingtounderstandbalancesheetgrowthandliquidityneedsledtoinaccurate

pricing of the risk inherent to possible funding of pricing off‐balance sheet

entities internally when market factors prevented external subsidising.

Leveragedloanswherehardtosyndicateasriskaversionincreasedandappetite

for assets diminished. This impact was trivial regarding capital ratios, but

regarding firms’balancesheets, theseexposures led tosignificantwrite‐downs

andwrite‐offs.Inabilitytoaggregateanorganization’soverallriskpositionwas

themainreasonacreditfailureinarelativelyminorsectionoftheUSrealestate

market to enable a spill over into a global liquidity risk for financialmarkets.

Furthermore increased overreliance onmodel assumptions and the sustaining

silo structure resulted in lackof transparencybetween functions resulting ina

breakdown of confidence, as firm‐wide exposure was unknown. Such state

brought into question the advocacy of Enterprise Risk Management as

imperativeforassessingriskmanagementinfinancialinstitutions.

CertaincompaniesdischargedtheirCROs includingAmbac,WashingtonMutual

IncandCitigroup.InotherfirmsCROsquitinrepulsion,astheywerenevergiven

the opportunity to ever apply an enterprise riskmanagement system orwere

ignoredbytraderswhosettheirownfiefdoms.Otherswereblamedforerrors

beyond their controlandwere treatedasscapegoats. “When theonionpeeled

back, itdisclosed thatonepartof thebankwasn’t talking to theother—itwas

almost thatsimple,” (MatAllen,enterpriseriskservicespractice leader,Marsh,

2008). Table 1 provides the most significant losses incurred by Financial

Institutions,insofar.

24CollateralDebtObligations:Differenttypesofdebt(bonds,loans,otherassets)referred“tranches”that

aresyndicatedinapooltogetherandtradedasaninvestmentgradesecurity.Dependingontheriskandmaturityassociatedwiththedebtthepayoutisadjusted.




James Lam, the father of the position of CRO (GE Capital and Fidelity

Investments)arguesthat ifERMfaileditwasduefirmswerenot incorporating

therightdatatoallowforeffectivedecision‐making,thiscreatedastateofrisk

ignorance. (e.g. some firms relied heavily on credit models that utilized only

sevenyearsofcreditinformation,thiswouldhaverevealedsteadyhouserates

andmilddefaultrates,obviously,suchmodelsunderestimatedexposures).

4.2CaseStudies

BusinessModelFailures

Northern Rock prompted the first run on a UK bank for the first time in 140

years. Despite not being technically insolvent with asset values exceeding

liabilitiesitstruckaliquiditydrought.Duetoitsbusinessmodelitwasrelianton

Table1MostNotableLossessofarFinancialInstitution LossValue

Citigroup $40.7bnUBS $38bnMerrillLynch $31.7bnHSBC $15.6bnBankofAmerica $14.9bnMorganStanley $12.6bnRoyalBankofScotland $12bnJPMorganChase $9.7bnWashingtonMutual $8.3bnDeutscheBank $7.5bnWachovia $7.3bnCreditAgricole $6.6bnCreditSuisse $6.3bnMizuhoFinancial $5.5bnBearStearns $3.2bnBarclays $3.2bn(Bloomberg,2008)




the money markets in fund its mortgage liabilities more than any other

commercial bank.When investors lost their appetite in investing inmortgage

related assets the bank could no longer meet its pending obligations. In

September 2007 the Bank of England injected £25 bill in loans and £30bill in

guaranteesresultinginNationalizationofthedistressedbank25.

BearSternswasaninvestmentbankthatflourishedbetween2001‐2007,anera

characterizedbylowinterestratesandaboominghousingmarket.Itsbusiness

model was highly reliant on fixed income securities. Its troubles came when

demandforsubprimerelatedsecuritiesfadedandcontemplatingonreputational

risk it financed (SIVs) structured investment vehicles from its balance sheets

leadingtoexcessiveliabilitygrowth. Withinthreedays13‐15Marchitscapital

cushionof$17bilevaporated,thisledJPMorganwiththebackingoftheFederal

Reservetomakeanofferof$2persharethatwaslaterfinalizedat$10.Thisis

inconceivablelookingbackayearagowhenBearSterns’sharestradedashighas

$171.51(Bilbull,2008).

Otherexamplescanbefoundinmonoline26insurersasAMBAC,MBIAhadtoseek

additionallyfundingwhentheassetstheyguaranteedweredowngradedsoasto

avoidtheirowndowngradingandcontinueattractingbusiness.

These failures exhibit the degree of vulnerability internal models exhibit in

estimating the risk inherent in organizations’ activities throughout the crisis.

Thebenignmarketconditionsofanumberofyearsprior to the turmoilwhere

usedtocalibratethesemodels, thiswasflawedasthevolatilitythatonewould

find going back 5 years ago would not reflect the extremity of events in the

secondhalfof2007.

25AlotofquestionsarebeingaskedabouttheNorthernRockdownfallaswhythedeteriorationofitsportfoliowasnotactedupontimeandwhydidtheycontinuetradingcomplexfinancialproductsknowingtheriskanduncertaintyconcerningloanswasrising?AninvestigationonthesubjectbytaxexpertRichardMurphydiscoveredthatNRweredisguising$50milusinganoffshoretrust“Granite”andacharityinEngland(CreditMagazine,2008).

26Inthispretextamonolineinsurerisdefinedasaguarantorthatassignsitscreditratingtoloansandoffersassuranceovercounterpartydefaultpayments.




OperationalDeficiencyFailures

LehmanBrothersLondonoperationssuffered losses fromunauthorizedactivity

worth$150milliononmiss‐valuedexoticoptionderivatives.Another financial

titan Credit Suisse suffered $2.85billion write‐downs in February (adjusted

March20th to$2.65bil)due to the failureof its traders toupdatevaluationsof

portfoliosofsubprimelinkedstructuredcreditproductswhilstthesehadfallen.

(CampbellA,April2008,page8).

LateJanuary2008,amediafrenzywascreatedwhenE.SocieteGeneralealleged

thatoneofitsParis‐basedjuniortraders,JeromeKervielaccumulatedmorethan

$7bninlossesfromtheplacementofdirectionalbetsonfuturestransactionsand

covered his tracks by creating forged hedges from the opposite direction. (FT,

2008).Asaresultoftheseallegations,SocieteGeneralerespondedwitha$5.5bn

offer to increase its capital base.(NYT, 2008). Following the investigation,

France’s banking regulator fined “SG” a record €4m for breaching banking

regulations,itwasfoundthatfraudsignalswerepresentbutignoredandthatthe

bankfailedtoinvestadequatelyinitscontrolsystems.(FT,2008)

4.3FundamentalWeaknessesinERMImplementation

During the AIRMIC conference in July (2008) Marsh revealed the results of

research it had undertaken discovering that risk management has not yet

reachedthestageof full integrationwiththedecisionmakingprocessatboard

level.Oneofthemainfindingswasthatonly30%ofRiskmanagersqueriedfelt

somewhat confident that risk management was taken into account in the

strategic decision making process, more worryingly 22% felt that it never or

seldomhappenedwhatsoever.Whenaskedhowtheymeasurethevaluecreated

by riskmanagement 35% stated itwas the impact on ‘cost of risk’while 25%

quantified it in terms of the reduction of incidents or losses. Furthermore5%

citeditasthereductionsininsurancepremiumwhile14%answeredtheydidn’t




measure value. In response to the biggest risk management challenge facing

theirorganizationthemajorityrepliedthatquantificationofriskandmeasuring

value were their biggest concern, 37% found incorporating risk management

into their organizationwas a challenge. Concerning the findings of the survey

Eddie McLaughlin (leader of Marsh Risk Supervisory Group) noted his

understanding that riskmanagement is recognised to contribute to long‐term

successandcompetitiveadvantagebuthasnotyetbeenfullyrecognisedinthe

boardroom. He argues “The challenge remains proving the shareholder value

addedthrougheffectiveriskmanagement.Progresshasbeenmadebylinkingrisk

managementqualitytocapitalallocation,andovertimetoa firm’screditrating,

butasanindustrywearenotthereyet.”

FollowingthemagnitudeoflossesintheindustryEdhecsoughttoinvestigatethe

modelsusedtosupportriskmanagementdecision‐making.Theyaddressed229

financial Institutions based in Europe holdingmore than€10 trillion of assets

undertheirmanagement.ThisisquiterepresentativeofthePan‐Europeanasset

management industry.Oneof themain findingsof the researchwas that firms

are often familiar with research findings but rarely actually implements such

techniques. In consideration to previous years Edhec found usage of VaR and

cVaR(conditionalVaR)hadspreadthroughouttheindustry,methodologiesthat

werepreviouslyusedmainlybyinvestmentbanks.

Such progress has its limits as despite making use of the models; 42%

worryingly assumed normality in their returns and only 10% were

implementingExtremeValuetheorytools(Goltz,2008).Anevenmoreworrying

observationwasthatdespite50%useVaRtoassessriskonly33%makeuseof

themeasuretoestimaterisk–adjustedperformance.Furthermoreitwasfound

that42%ofinstitutionalinvestorsdon’texplicitlyincorporateliabilityriskwhen

developingassetallocationstrategies.




In addition there has been plentiful noise in terms of alpha27, but only a few

actuallymeasureitcorrectly.DespitethelimitationsofassessingAlpha(Myner,

2001) via peer performance analysis; 62%‐ of those queried make use of it,

whilstonly23%actuallymakeuseofmulti‐factormethods;ofwhichadvantages

havebeenproclaimedwithinfinancialresearch(Martellinietal,2005).

ItseemsthatcertainFinancialInstitutionshavefailedtoridethetideofresearch

for the past 2 decades andmakeuse of riskmanagement as amarketing tool.

Edhecfindsthisconcerning;asknowledgeisnottransferredtotheindustryand

testedwithin realistic environments but usedmerely as an aid to the systems

alreadyinplace.

4.4QuestioningtheViabilityofERM

For the past years, both academics and practitioners have praised Enterprise‐

wide risk management policies and procedures in Financial Institutions. ERM

hasbeentouted,as thestandardizedFIriskmanagementapproachandnowis

being re‐evaluated subsequently after the subprime market meltdown. A

disciplinedframeworkguidingcompaniestoapplytheriskmanagementprocess

across the organization including any interplay that may exist between these

acrossbusinessunits.

FinancialInstitutionsfirstembracedERMwithinsuranceandenergycompanies

following. This gave rise to the Chief Risk Officer a senior level position to

manage and supervise the effort. (T&R, 2008). Then the credit crisis and

financial turmoil impacted company after company, especially Financial

Institutions,longthoughttobetheparadigmsinERMpractices–hitabrickwall.

27Ameasureofperformanceonariskadjustedbasis,Alphatakesthevolatility(pricerisk)ofamutualfundandcomparesitsriskadjustedperformancetoabenchmarkindex.Theexcessreturnofthefundrelativetothereturnofthebenchmarkindexisafund'salpha.Alphaisoneoffivetechnicalriskratios;theothersarebeta,standarddeviation,Rsquared,andtheSharperatio.Theseareallstatisticalmeasurementsusedinmodernportfoliotheory(MPT).Alloftheseindicatorsareintendedtohelpinvestorsdeterminetheriskrewardprofileofamutualfund.Simplystated,alphaisoftenconsideredtorepresentthevaluethataportfoliomanageraddstoorsubtractsfromafund'sreturn.Apositivealphaof1.0meansthefundhasoutperformeditsbenchmarkindexby1%.Correspondingly,asimilarnegativealphawouldindicateanunderperformanceof1%(Investopedia,2008)




Such exposures were what ERM was designed to ferret out. As would be

expected,therealityismuchmorecomplicated.

To begin with not all companies experienced large losses as they did in fact

manage their risks appropriately. Empirical evidence finds that certain

companiesapplyingERMdidquitewellrelativetotheircompetitorsandothers

didn’t se the signals coming and grabbed the headlines within the past year

(TreasuryandRisk,ERMsurvey2008).

“JPMorganinthebankingindustryandGoldmanSachsinthesecuritiesindustry—

both well known for their ERM capabilities—actually did quite well relative to

theircompetitors,”“Otherfirms,ofcourse,didn’tseethesignals.”Thosefirmsare

the headline grabbers of the day—Bear Stearns, Countrywide Financial, Ambac,

MBIA,UBSandSwissRe,amongothers.(Lam,presidentofJamesLam&Associates,

2008).

ProblemshavebeenfoundtolieonhowERMisappliedandexecutedeffectively

across the organization. Moreover specific areas of concern and weaknesses

havebeen found in how riskmanagement is applied (Treasury andRisk, ERM

survey2008).




Chapter5:Conclusions

Organisations now are updating and focusing on their risk profiles. Global

regulators request improved corporate governance models and the usage of

internalcontrolframeworks,policiesandprocedures.Simultaneously,investors

arelosingconfidenceandbecomingmoreprudent

NavigantConsulting(2008)recordedastaggeringincreaseinlawsuitactivityin

relationtosubprimeandcreditissues,with170casesfiledinthefirstquarterof

2008 compared with a total of 278 cases filed in 2007. 448 cases have been

found to relate to the credit crisis over a period of 15months up to the first

quarterof2008.Thislevelindicatesthatsoonthe559savingsandloancasesof

theearly1990’swillbesurpassed.Ofthese,42%wherenamedaFortuneGlobal

500companyasthedefendantandfromthe10%thatwerenon‐UScompanies,

half originated from theUK.As Figure11 exhibits and as reportedby aNERA

consulting report 49% of plaintiffs where shareholders, this implies that

shareholders are becoming more active, reinforced with regulatory measures

that have been developed in concern of adequate safeguarding of their

investments.

This finding is reaffirmedby a survey conductedbyRiskMetrics inApril 2008

and in response to shareholder lawsuits 38% indicated lack of effective risk

managementastheprimaryreasonfortherise inactivismandaskeycauseof

thesubprimemeltdown.




FurthermoreCreditratingagenciesfocusonRiskManagementmorethanever.

For example Standard and Poor’s latest report explains the development and

that it will recognize the adoption of firms of accepted risk management

standardsbutthiswillnotbeconsideredbesufficientevidenceofeffectiverisk

management.TherecentturmoilhasFinancialInstitutionsrethinkingtheirrisk‐

management functions; this translates into updates and revived insights for

rating agencies risk analysis. Such updates will revolve around probabilities,

severities and various losses thatmay arise; the fundamental structure of the

ratingwillstayintact.Furthermorerecenteventshavehighlightedtheincreased

importance on focusing on riskmanagement as part of the rating process, not

just as an internal framework but how this is applied throughout the

organizationandasdefinedbytable2.

28DefendantsincludedamongstothersCreditSuisse,HSBC,LehmanBrothers,MerrillLynch,Citigroup,WashingtonMutual,BearStearns,UBS,MorganStanley,andBankofAmerica.

Figure11LawsuitsrelatedtotheSub‐primeCrisis(throughto21/04/08)

Defendants28 Plaintiffs

(NeraConsulting,2008)




In today’s environment Financial Institutions face investor confidence issues,

increased regulatory requirements and rating agency oversight. To effectively

meet such challenges organizations are restructuring their PMI processes

(polices,methodologies,infrastructure).ConsideringCrouhy’s‘essentialsofrisk

management’ these are the three building blocks required to develop an

enterpriseriskmanagementenvironment(Crouhy,etal,2005).

Withinthelastdecadeacademicsandpractitionershavepublishedanumberof

differentmethodsofmeasuringrisk,sometailoredforspecificriskfactorsothers

Table2S&PDefinitionofERMinrespecttoCreditRatingRequirements

ERM ERMisnot…

Anapproachassuringthefirmsisattendingallrisks

Amethodtoeliminateallrisks

Asetofexpectationsamongstmanagement,shareholders,andtheboardaboutthefirmsriskappetite

Aguaranteethatthefirmwillavoidlosses

Asetofmethodsforavoidingsituationsthatmayresultinlossesthatwouldbeoutsidethefirm’srisktolerance

Acrammed‐togethercollectionoflongstandinganddisparatepractices

Amethodtoshiftfocusfrom“cost/benefit”to“risk/reward”

Arigidsetofrulesthatmustbefollowedunderallcircumstances

Awaytohelpfulfillafundamentalresponsibilityofacompany’sboardandseniormanagement

Limitedtocomplianceanddisclosurerequirements

Atoolkitfortrimmingexcessrisksandasystemforintelligentlyselectingwhichrisksneedtrimming

Areplacementforinternalcontrolsforfraudandmalfeasance

Alanguageforcommunicatingthefirm’seffortstomaintainamanageableriskprofile

Exactlythesameforallfirmsinallsectorsorthesamefromyeartoyear

Apassingfad

(S&P,2008)




foraggregatingrisk(e.g.EconomicCapital).

History has exhibited a number of financial crisis from the ‘Black Monday’ of

1987whenworldstockmarketscollapsed, to theAsianCrisisof1997 that led

(IMF)InternationalMonetaryFundininjecting$40billtostabilizetheeconomies

mostlyhit by the crisis; and to the recentUSmortgage crisis of 2007 that has

given rise to a global systemic shock within the financial community. Each of

thesecrisescallsoutfortheimportanceofestablishinggoodriskmeasuresand

PMIprocesses.

Financialinstitutionsfocusthesethreefactors,whichareinfluencedbyinternal

management as well as external factors, such as investor confidence and

regulatory standards. In terms of infrastructure it would be safe to say that

technologyisnotabank’scorecompetenceandwouldbenefitfromoutsourcing

such functions to third parties and gain specialist processes, personnel and

Informationtechnology.

Riskmanagementcanbeappliedviamanagingeachriskonitsownorthrough

anintegratedandholisticapproach,thishasbeenreferredtoasEnterpriseRisk

Management (Nocco, et al, 2006). Its goal is to set policies determining risk

across the firm and its diverse business activities and require methodologies

aggregating thevariable risk types (credit, operational,market).This isnot an

easy task as their distribution patterns vary substantially (Rosenberg, et al,

2004).

Enterpriseriskcanbecalculatedusingeconomiccapitalandriskadjustedreturn

on capital as steered by the capital adequacy guidelines of Basel II. Such

measures integratevarious risk components intoaholisticmeasureutilized to

calculateEnterpriseRisk. Commencingtheanalysisof thecreditcrisis,several

factorsdiscoveredhavetobeprospectivelyaddressedtoimplementasuccessful

ERMframework.




a) Risk Measurement and Management reporting practices ought to be

informativeanddistributedintimelymanner

Communicationbetweenback‐middle‐frontofficesisoptimal. Duetoincreased

convergence of markets and many firms operating globally around the clock;

there needs to be a consensus of streamlining and constructing a solid, data

infrastructure.Thiswillhelpovercomethecomplexityandsheervolumeofdata

nownecessitatedbycurrentadvancedmethodologies.Besidesthis,thereneeds

to be consistent use of a common set of integrated data throughout the

organization. Interdependenciesmayalsoarisecreatingbottlenecks in internal

processes so efficiency in terms of minimizing duplications redundancies is

advised.

Organisationsareinstructedtointegratemeasuresofmarketandcounterparty

risk positions successfully by blending qualitative rigor with quantitative

valuations.Suchharmonisationofriskanalysistendstoproduceahigherdegree

of insight and uniform communication to management regarding fluctuating

exposures. This will equip the firm with the capacity to identify emerging

opportunities andmore importantly to enable a timely reductionof exposures

when risks outweigh expected returns. Furthermore, tools used to manage

liquidity positions should be flexible without built‐in assumptions to assist in

producingmorereflectiveassessmentsoftheir liquidity in lightofthestressful

marketconditions.Thisisvitaltoenabletheirinvestmentonriskmanagement

tomakeanimpactonthebottomlineandcreateshareholdervalue.

If the information derived from the models is not communicated in a timely

mannerthatenablesspeedyactions,then,insteadofaddingbusinessvaluethese

estimateswillonlyreflecthistoricalaccuracy.Thefirmneedstohaveadefined

methodology that by implementingwill give actionablemeasures to act upon.

Historical accuracy will only satisfy regulators but will not meliorate risk

awareness or behaviour of the firm. Whatever the case these can only be

effectiveiftheappropriate ‘input’dataareutilized.Bankshavetheappropriate




knowledge to integrate risk andmarket risksbut toderive an enterprise level

measuretheymustalsoincorporateoperationalriskormayevengobeyondand

include reputational, strategic and business risks. Both Basel II and Sarbanes

Oxley Act (2002) elaborate on operational risk and have provided market

participantswithmoreadvancedmodelsaseconomiccapitalcalculations,rather

thanconsistentlyrelyingonsimplemetricasreturnonequity.

As mentioned the purpose of integrated risk management is to measure risk

acrossthewiderangeofactivitiesaFinancialInstitutionmayoperate;fromthe

traditionalbankingbook,toinsuranceandsecuritiesestimates.Rosenbergstates

thatthisentailstheintegrationofthoserisksandtheirunderlyingdistributions.

(Rosenberg,etal,2004).Anexclusiveenterprisemodelshouldbeinplace,based

on the organizations’ internal competencies and customer analysis; such

methodology will improve the firm’s risk measurement and enhance the risk

management systems inplace.Furthermore firmsmustbeprudent innotonly

measuringtheorganizationsrangeofrisksbutalsoERMitself.

b) Independent and rigorous valuations29 should be constantly applied

acrossthefirm

Senior management must employ critical judgement and discipline when

complexandpotentiallyilliquidsecuritiesarevalued.Rigorousprocessesshould

be established and monitored constantly. Despite considering external rating

agencyassessmentsofcomplexstructuredcreditproductsfirmsshouldnotrely

heavily on them and utilise in‐house expertise to conduct independent

assessmentstoassistinmakingappropriateindependentvaluations.

29Valuation:theverificationofpriceestimatesforholdingswithintherecordsandbooksofafinancialinstitutionthatiscriticaltoestimatethepricebywhichthesecanbesoldortransferredinamarkettoday.




Commencingtheturmoilsuccessfulfirmssoughttoassesstheprecisionoftheir

valuationsbysellingasmallpercentageofsuchassetsandsearchfordisputesof

collateralmarketvaluations.Estimatedvaluations;includingboththeirownand

counterparties positions where used consistently across the corporation.

Thomson Claire, PWC Risk Advisory (2008) argues that companies nowmust

carry out muchmore riskmanagement due diligence themselves, rather than

relyingontheassurancesofothers.

c)Data incorporatedwithindefinedmethodologies shouldbe relevant tomarketconditionsManagement information systems installed to assess risk positions should

exploit a number of tools that rely on various underlying assumptions. Risk

managementprocessesandsystemsshouldbedynamicratherthanstaticsoas

to rapidly alter underlying assumptions regarding elements such as asset

correlations to reflect current conditions, as this may lead to “model risk30”.

Managementmust utilise an array of measures of risk, including hypothetical

gross and net positions in addition to profit and loss reporting to incorporate

divergentperspectivesonthesameexposures.

One can either build flexible models that may respond to current market

conditionsormodelsshouldbecalibratedusingalongertimehorizontoembed

amore realistic level of volatility. Inboth cases though, adegreeof judgment

needstobeexercised.Asexhibited,inputtingthemostrecentdataownitsown

inamodelwillnotprovideanappropriatelong‐termstrategy.Alongerhorizon

is desirable that encompasses amore complete and realistic set of events. For

examplesimilareventstothecreditcrisiswereobservedwhenLTCMcollapsed

in 1998. Increased credit spreads between risky bonds and risk free bonds

30‘Modelrisk’istheriskthatfirmsmayincureitherfromanalyzingwrongdataintherightmodelormay

arisefromtheerroneousimplementationofamodel




caused substantial losses in an arbitrage strategy thought to be risk free,

similarlytocurrentevents.Thecrisis inthebondmarketthenwasinitiatedby

theRussian government defaults that came subsequently on theAsianmarket

turmoil. Stress testing and assumptions are vitally important when historical

data doesn’t exhibit similar instance but when a historical benchmark for

performance is readily available then such data need to be incorporated in

current models. Leo Tilmann31 spoke at the ERM symposium in Chicago this

April and explains that the models used were right, but where just used

incorrectly.

“IfyoutookanykindofaCDOandyoustresstestitthedefaultspeeds,youwould

havegottherightanswersoit’sthebaselinedefaultspeedsthatwerefedintothe

modelsthatwereotherwisefinethatresultedinthewronganswer.”

HeidentifiedthesameweaknesseswithValueatRiskmodelsastheycantellyou

theappropriateriskinanykindofenvironment,howeverwhenrelyingonvery

recenthistoryandvolatilitiesandcorrelationsareexhibitingadecreasethenone

wouldgettheimpressionthattheriskisdeclining,consequentlyafirmtakesup

moreriskatexactlythewrongmoment.

D)CombiningtheinformationatalllevelsintoaggregatemeasuresProblemsareinherentinthewayfinancialinstitutionsmakedecisions.

Disconnect between executive decision‐making and riskmanagement remains.

Despite the fact that the industry has saying risk management should be

proactive,incorporated,aprofitcentreitisnot.Itsnot,becausethelanguageof

strategic decision‐making is still an accounting earnings business strategy,

corporate finance, once all these decision aremade the riskmanager is called

intotheroomandjustconfirmsthatthedecisionsareok,thusviciouscirclesare

created.(Tilmann,2008)

AsoneofthekeyprinciplesofERMistodevelopariskmanagementcultureitis

vitalthatriskmeasuresareaggregatedatall levelsthatoverseemanydifferent

31FormerCFOofBearSterns




levels of the organization; both horizontally and vertically. For example a

business line manager in Geneva will benefit if he/she could notice how the

branch’sportfolioriskcontributestotheaggregateriskmeasureofthefirm.This

willleadtoanunderstandingonhowhisdecisionswillhaveaneffectontherisk

appetite of the enterprise. The ability to aggregate and disaggregate such

measureswillallowforthedevelopmentofrisk‐awareculturedorganization.

Itisanimperativethatcompaniesneedtooperatewithinacomprehensivewell‐

structured risk –appetite; this was reaffirmed by the credit crisis. Exposures

needtobeaggregatedandmanageddynamicallyandholistically.Disciplinedand

robust governance concerning the ownership of risk, its management and

monitoring is vital to counterbalance revenue and growth pressures thatmay

give rise to concentrations of risk. In addition risk‐adjusted performance

measuresarerequiredtooffsetexcessivereturnstemptations.

E)Robustandeffectiveseniormanagementoversight,inconsiderationofstrategicriskA fundamental requirement for effective and prudent riskmanagement is the

effective oversight of an organization. Senior managers should be actively

involvedinriskmanagementsettingoutthefirmsenterprise‐wideriskappetite

generatingincentivesandcontrolstoaffirmthatemployeeswillabidebythose

preferences,withoutexceeding limits. Suchcontrolsactasa counterbalanceof

short‐term profit based incentives that may characterize the prevailing

compensation culture. Successful oversight necessitates the ability to gain

instantaccesstoadiversifiedpoolofhigh‐qualityinformation.Thisinformation

shouldbe transmittedbothhorizontally andvertically; throughout the turmoil

certainfirms’businessunitsdidnotdistributecriticalinformationrelatedtorisk

positionsandbusinesstactics.Thisinturnimpactedtheirprofitabilityadversely.

Competent leaders that successfully managed organizations throughout the

storm had strong and independent risk functions. These functions support

cohesive, disciplined thinking about the firms’ enterprise wide risk profile. In

additionbenefitsmaybegainedwhenriskmanagersare instructedtouncover




latent risks and identify those business lines were excessive risk taking is

assumed. The Basil Committee of Banking Supervisions research found that

Governanceandcontrolprocessesarevitaltotackledifficultiesthatmayarisein

associationwith:

• Complexandilliquidproducts;• Conflicts of interest between front office (traders in business lines) and

back‐officestaff(riskmanagement,accounting);• Linkingaccountingwithriskmanagement.Moreover Financial Institutions should understand the importance of

determiningstrategic riskaboveallotherrisks.CROSshouldreportdirectly to

theCEOandtheboardofdirectors(ERM– InsuranceRiskLeadershipSurvey).

Easley,PofRSMMcGladleyarguesthatifERMfailsitisduetothemisalignment

of strategic risk to other risks occurring concurrently (2008). Easley further

notes that mortgage related risk wasn’t part of many financial institutions

strategicrisk.

“ManycompaniesthinkofERMprimarily,ifnotsolely,intermsoffinancialand

operationalrisks.Othersseeitpurelyasacompliancetool.”“ERMmustgofrom

thebackroomtotheboardroom(Lam,2008).

“The new chapter in ERM is greater understanding of strategic risk (Axel

Lehmann, CRO Zurich Financial Services, 2008)”. A robust link between risk

appetite, corporatestrategyand financialandoperationalobjectives,as setting

limitsandtolerancelevelsacrosstheenterpriseandamongkeystakeholdersis

heavily reliant upon the effective dialogue between risk management with

executivesanddirectors.

Thecrisisaffectedawiderangeofcompaniesthatdidn’trealizehowsuchrisks

couldleadtodireconditionswithintheirownmarkets.(e.g.Paintmanufacturers

were affected as falling real estate values placed less supply of homes on the

market,subsequentlyfewerhousesneededrepaintingpriortotheirsale)Thisis

strategic risk; the risk that events taking place in one industry may have

catastrophiceffectsonanother.ThecompanythathassoundERMpracticeswill

have real estate sales as a key performance indicator that will subsequently




interpret this information to direct effective and timely decisions concerning

their strategy. It all comes down to strategic planning. “You fail to realize a

strategic risk and your stock price is decimated.” (Douglas French, Ernst and

Young,2008).

Interactions as such are insufficient and infrequent in practice andmost CROs

relationshipwiththeboardisona‘dottedline’basislimitinginmanycasesthe

reportingtoauditorcompliancecommittees.CROpowerisalsoverylimited(e.g.

Intheinsuranceindustry,lessthanhalfofriskcommitteesorCROsmayactually

influence key actions as strategic planning, investment strategy, financial

planning,productdesignandpricing)

InErnst&Young’sInsuranceRiskLeadershipSurvey(2008)onlyhalftheCROs

surveyedhadanycontrolorsupervisionregardingequity,interestrate,creditor

operationalrisk.Themajorityrespondedtoexpecthavingsuchoversightinthe

future.ReportingoftheCROtotheCEOandboardshouldbethroughasolidline

and the CEO must have full responsibility of Strategic Risk management in

consultationwiththeCRO.JamesLamgoesastepfurthernotingthatwhenthe

riskmanagementtaskisfoundexhaustingorcannotbeaddressedappropriately,

thenariskmanagementcommitteeshouldbeformed(e.g.Zurichdidthatjust2

yearsago).

To take advantage of a CRO within an FI, such role should be absolutely

independent and able to affect decisions. Throughout the crisis what is

incomprehensibleisthelackofobjectionfromriskprofessionalsconcerningthe

securitizationofbadcredit,asitisstillbadcredit.Practitionersblamethisonthe

lack of CRO independence. It is a very difficult tasks for a CRO to outcry their

concernswhenmaximizingprofitsandmeetingearningsexpectations formthe

culture of the firm. A CRO needs to be rigorous not only in understanding

financial and operational risks but also strategic risks. (Douglas French, Ernst

andYoung,2008).Zurichsoughttoput inplaceaCROasdespitehavingawell

structuredriskorientedorganizationbeforetherewasnorelationshipbetween

thebusiness and riskmanagementdepartments; the formerdidn’t understand

what iswas that riskmanagement provided and the latter didn’t comprehend




whatthebusinesswasdoing.ThustheygaveLehmannthe jobofCROtomake

suchconnectionandfillsuchloopholes.Hehasundertakenthetaskbyinitiating

to integrate its isolated IT systems geographically so as to improve the

organization’s risk–returnmodel and have a clearer strategic view of the vast

amountofdatathatinsuranceorganizationsrelyon.

Such formal, structured processes enable strategic risk –versus –reward

assessments andwithin three years 60% (E&R Survey, 2008) of insurer CROs

anticipate having such systems in place within the next 3 years. Furthermore

90%(E&RSurvey,2008)expectthatwithinthenextfiveyearseconomiccapital,

which can be derived from subtracting the fair value of liabilities from the

market value of assets, will be a key performance indicator. Others feel that

measurement of economic capital has been compliance driven due to intense

pressuresfromindustryparticipatorsasratingagencieswhonowrequireERM

valuationsfromFinancialInstitutions,recentlyextendedtoallcorporationsnon‐

financerelated)

ChallengesOnce the firm establishes ERM as part of the decision making process with

businesslinesassessingandmanagingrisksonadailybasis,thelevelofsenior

oversightmayevenbereduced(Gates,2006).MeasuringERMisnotaneasyand

inexpensivetask.Onecannotsimplyaddthevariousexposuresofmarket,credit

and operational risks together as “Correlation is a minefield for the unwary”

(Embrecht,etal,1999)ormayevenoverestimatedriskby40%(Rosenberg,et

al, 2004). One can make use of a copula approach and by constructing a

correlation matrix, link marginal distributions of the various risks together.

(Rodriquez, 2004) This will benefit banks in terms of building their ERM

measures and lead to one robust, integrated and risk‐aware environment

accountingforanydependenciesorcorrelationsthatmayexist.Attheendofthe

day;theaimistoprovideasinglesetofinformationthateveryonecanleverage




their efforts, sowhen evolving conditions arise; everyonewill knowhow they

maycontributeandbenefit from the system inplace. Inaddition thedesignof

such infrastructureshouldbe flexible inmanipulationtermsto incorporatethe

today’srequirementsbutalsothoseundefinedandwhichlieahead.




References

Aabo,T.Fraser,JR.S.andSimkins.BJ(2005)"TheRiseAndEvolutionOfTheChiefRiskOfficer:EnterpriseRiskManagementAtHydroOne,"JournalofAppliedCorporateFinance,v17(3,Summer),62‐75.AIRMIC(2008)NewsletteroftheAssociationofInsuranceandRiskManagers,JulyVolume.Atkins,D.andBates,I(2008)ManagementofInsuranceOperations,FinancialWorldPublishingBankofEngland(2008)CreditconditionsSurveyQ2:Surveyresults2008/Q2.Banham.R(2008)TreasuryandRisk:TimetoBailonERM?June.BaselCommitteeofBankingSupervision(2008)Fairvaluemeasurementandmodelling:Anassessmentofchallengesandlessonslearnedfromthemarketstress,BankforInternationalSettlements.BankofInternationalSettlements(2006)BaselII:InternationalConvergenceofCapitalMeasurementandCapitalStandards:ARevisedFramework‐ComprehensiveVersion.Beck,U(1992)RiskSociety:TowardsaNewModernity.London:Sage.Blaine,HandHoban,JPJr(1980)"InvestmentInNewEnterprise:SomeEmpiricalObservationsOnRisk,Return,AndMarketStructure,"FinancialManagement,v9(2),44‐51.Beasley,M.S,Carcello,JV.andHermanson,DR(2005)Enterpriseriskmanagement:Anempiricalanalysisoffactorsassociatedwiththeextentofimplementation.JournalofAccountingandPublicPolicy,Vol24,pp521‐531.Beasley,MS.Clune,R.andHermanson,DR(2006),TheImpactofEnterpriseRiskManagementontheInternalAuditFunction,AltamonteSprings,FL,InstituteofInternalAuditorsResearchFoundation.Beasley,M.Pagach,D.andWarr,R(2007)Theinformationconveyedinhiringannouncementsofseniorexecutivesoverseeingenterprise‐wideriskmanagementprocesses.JournalofAccounting,AuditingandFinance.Bilbul.J(2008)EnterpriseRiskManagement:LessonsfromtheCreditCrisis,EMB:ActuariesandBusinessConsultantsLLP.




Bowling,D.Frederick,J.andRieger,J(2003)"TakingTheEnterpriseRisk‐ManagementJourney,"BankAccountingandFinance,v16(2,Feb),16‐22.Bowling,DM.andRieger,LA(2005)"MakingSenseOfCOSO'sNewFrameworkForEnterpriseRiskManagement,"BankAccountingandFinance,2005,v19(1,Feb/Mar),29‐34.Campbell,A(2008)RiskMagazine,NewAngles:Lehmannfeelsthestrain,Volume21,No4.Carrel,P(2008)Executivevie‐presidentatReutersTradeandRiskManagementCreditMagazine:CreditRisk:LearningfromtheCrunch,AprilVolume.Chapman,JR(2006)SimpleToolsandTechniquesforEnterpriseRiskManagement,TheWileyFinanceSeries.CitiMicrofinance&CliffordChanceLLP(2008)MicrofinanceSectorTransformation‐MakingsenseoftheBaselIICapitalAccord,April.Clohan,FH(2003)RiskManagementReports,EnterpriseRiskManagement:Past,Present,Futures,Volume30,No.5.CommitteeofSponsoringOrganizationsoftheTreadwayCommission2004),EnterpriseRiskManagement‐IntegratedFramework,ApplicationTechniques,COSO.CommitteeofSponsoringOrganizationsoftheTreadwayCommission(2004)EnterpriseRiskManagement‐IntegratedFramework,ExecutiveSummary,COSO.CrouhyM,D.Galai,andR.Mark(2005)TheEssentialsofRiskManagement.NewYork:McGraw‐Hill.Cummins,J.Lewis,DChristopher,M.andWei,R(2004)"TheMarketValueImpactofOperationalRiskEventsforU.S.BanksandInsurers"Dec23rd/04.DATAMONITOR(2008)TheEvolutionofEnterpriseRiskManagement:Sub‐primecrisishighlightsneedforEnterprise‐wideapproachtoriskmanagement,DATAMONITORJan31/08.Davis,P(2007)FTreport‐FundManagement:ProperRiskToolsnotAlwaysinPlace,May14th2007,FinancialTimes.Deloitte&ToucheLLPcommissionedbyTheAllianceforEnterpriseSecurityRiskManagementAESRM)(2007),ResearchReport:TheConvergenceofPhysicalandInformationSecurityintheContextofEnterpriseRiskManagement,Canada.




Dickinson,G(2001)"EnterpriseRiskManagement:ItsOriginsAndConceptualFoundation,"GenevaPapers‐Theory,v26(3,Jul),360‐366.Doherty,N(2000)IntegratedRiskManagement:TechniquesandStrategiesforReducingRisk,NewYork,McGrawHill.Edhec(2008)EuropeanInvestmentpracticessurvey,EDHECRiskandAssetManagementResearchCentrePublication.January2008.Embrecht,P.McNeil,A.andStrautmann,D(1999)“Correlation:PitfallsandAlternatives“,.RISKMagazine,May,pp.69‐71.Ernst&YoungLLP(2008)InsuranceRiskLeadershipSurvey:MovingtotheNextLevel–AProgressReportonInsuranceRiskLeadership.Espersen,D(2002)"TrendsInEnterpriseRiskManagement,"BankAccountingandFinance,v16(1,Dec),45‐50.Felsted,A(2008)FinancialTimes:Thedangerofover‐reactingtorecentevents,FinancialTimesLtd2008,April28.FinancialStabilityForum(2008)"ReportoftheFinancialStabilityForumonEnhancingMarketandInstitutionalResilience",April7.Frank,B(2008)FinancialWeek,Survey:EnterpriseriskmanagementstillablindspotforinsuranceCFOs,CrainCommunicationsInc,MayVolume.

Garrat,B(2003)TheFishRotsfromtheHead:TheCrisisinOurBoardrooms‐DevelopingtheCrucialSkillsoftheCompetentDirector,2RevEdition,ProfileBooksLtd,London

Garside,T.andNakada,P(1999)EnhancingRiskMeasurementcapabilities,Erisk.com.Gates,S.andHexter,E.(2006)MITSloanReview,TheStrategicBenefitsofManagingRisk,Spring2006,Vol.47,No.3,pp.6‐7.Gates,S(2006)"IncorporatingStrategicRiskintoEnterpriseRiskManagement:ASurveyofCurrentCorporatePractice”.JournalofAppliedCorporateFinance,Vol.18,No.4,pp.81‐90.Gorvett,R.andVjentra,N(2006)SettingUptheEnterpriseRiskManagementOfficeCallPaperProgram,EnterpriseRiskManagementSymposium,Chicago,IL.Grene,S(2008)FundManagement:Value‐at‐riskskills‘lacking’,FinancialTimes,Feb25,2008.




Harrington,S.Niehaus,G.andRisko,K(2002)"EnterpriseRiskManagement:TheCaseOfUnitedGrainGrowers,"JournalofAppliedCorporateFinance,v14(4,Winter),71‐81.Hoyt,RE.andKhang,H(2000)OntheDemandforCorporatePropertyInsurance,JournalofRiskandInsurance,67,91‐107.Hoyt,RE.Merkley,BM.andThiessen,K(2001)ACompositeSketchofaChiefRiskOfficer,TheConferenceBoardofCanada,September.Hoyt,RE.Moore,DL.andLiebenberg,AP.(2008)TheValueofEnterpriseRiskManagement:EvidencefromtheU.S.InsuranceIndustry.Jenkinson,N(2008)Speech:StrengtheningRegimesforControllingLiquidityRisk:someLessonsfromtheRecentTurmoil,EuromoneyConferenceonLiquidityandFundingRiskManagement.London24thApril.Kahneman,D.andTversky,A(1979)ProspectTheory:AnAnalysisofDecisionunderRisk.Econometrica,Vol47,No2,March,pp263‐292.Kleffner,A.,Lee,R.,&McGannon,B.(2003),Theeffectofcorporategovernanceontheuseofenterpriseriskmanagement:EvidencefromCanada.RiskManagementandInsuranceReview,6,1,pp.53‐73.Kohn,LD(2008)BISReview,TestimonyBeforetheCommitteeonBanking,Housing,andUrbanAffairs:Conditionofthebankingsystem:RiskmanagementanditsimplicationsforsystemicriskU.S.Senate,FederalReserve,June5.KPMG(2001)UnderstandingEnterpriseRiskManagement:AnEmergingModelforBuildingShareholderValue,KPMGLLP.Labate,J(2008)TreasuryandRisk:WheredidERMGoWrong?June2008volume.Laeven,RJA(2005)"WorstVaRScenarios:ARemark",December15.Lam,J.andCameron,G(1999)“MeasuringandManagingOperationalRiskwithinandIntegratedFramework–PuttingTheoryintoPractice,”OperationalRiskinFinancialInstitutions,London,RiskPublications,pp.34‐38.Lam,J(2003)EnterpriseRiskManagement:FromIncentivetoControls,WileyFinance.Markowitz,H(1952)PortfolioSelection,TheJournalofFinance,7,pp.77‐91.Marrison,C(2002)TheFundamentalsofRiskMeasurement.NewYork:McGrawHill




MarshandMcLennanCompanies(2005).AQualitativeSurveyofEnterpriseRiskManagementPrograms,NewYork.Marsh2008AIRMICConferenceSurvey(2008)RiskManagement“stilllacksboardroomclout.“Martellini,L.Malaise,P.andAmenc,N(2005)“FromDeliveringtothePackagingofAlpha,”EdhecRiskandAssetManagementResearchCentre.

Mikes,A(2005),“Enterpriseriskmanagementinaction”,DiscussionPaperNo.35,ESRCCentreforAnalysisofRiskandRegulation.

Minsky,HP(1985)“TheFinancialInstabilityHypothesis:ARestatement.”ArestisandSkourasedition,PostKeynesianEconomicTheory.Meulbroek,LK(2002)IntegratedRiskManagementfortheFirm:ASeniorManager’sGuide,JournalofAppliedCorporateFinance,14,56‐70.Myners,P(2001)"InstitutionalInvestmentintheUnitedKingdom:AReview",ReporttotheChancelloroftheExchequer,HMTreasury,MarchNavigantConsultingReport(2008)FirstQuarter2008Update:ReachingNewHeights,NavigantConsultingInc,April23rd2008Nocco,BW.andStulz,R(2006)Enterpriseriskmanagement:Theoryandpractice.JournalofAppliedCorporateFinance,18,4,pp.8‐20.OliverWyman(2007)FinancialServicesTheCreditCrisis:CorrectionorCatastrophe?OliverWymanInc.Ong,MK(1999)InternalCreditRiskModels‐CapitalAllocationandPerformanceMeasurement,London:RiskPublications,p56. Operational Risk Corporate Governance Exert Group (2005) The ‘Use Test’, Financial Services Authority. OperationalRiskCorporateGovernanceExertGroup(2005)The‘UseTest’,FinancialServicesAuthority.Oswalt,MJ(2003)"AdaptingRiskManagementToProtectTheEnterprise,"CommercialLendingReview,v18(4,Jul),8‐14.President'sWorkingGrouponFinancialMarkets(2008),"PolicyStatementonFinancialMarketDevelopments",March13.Raposo,CC(1999)“CorporateHedging:WhatHaveWeLearnedSoFar?”DerivativesQuarterly,Volume5,Number3,pp.41‐51




RiskMetrics(2008)“WeakRiskManagementPracticesSeenasKeyCauseoftheMortgageMeltdownandSubsequentRiseinSubprime‐RelatedLawsuits,”RiskMetricsGroup,NewYork.Rodriguez,JC(2004)MeasuringFinancialContagion:ACopulaApproach,Workingpaper,EURANDOM.Rosenberg,JV.andSchuermann,T(2004)"AGeneralApproachtoIntegratedRiskManagementwithSkewed,Fat‐TailedRisk"(May).FRBofNewYorkStaffReportNo.185.Sabry,F.Sinha,A.andLee,S(2008)SubprimeSecuritiesLitigation:KeyPlayers,RisingStakes,andEmergingTrendsPartIIIofANERAInsightsSeries,NERAEconomicConsulting,3rdJuly2008.Schroeck,G(2002)RiskManagementandValueCreationinFinancialInstitutionsJohnWiley&Sons,Inc.,NJ,USA.Seib,C(2008)Timesonline:Ex‐UBSchiefsreappayoutdespitelosses,TheTimes,March19SeniorSupervisorsGroup(2008)."ObservationsonRiskManagementPracticesduringtheRecentMarketTurbulence",March6.Segal,S(2006)“DefiningRiskAppetite.”RiskManagement.DeloitteConsulting.July,pp:17‐19.Shenkir,WG.andWalker,PL(2007)EnterpriseRiskManagement:ToolsandTechniquesforeffectiveimplementation,InstituteofManagementAccountants,Montvale,NJ.Shimko,D.andHumphreys,B(1998)“VotingonValue”RiskMagazine,December1998,p33.Smiecheweicz,W(2001)"CaseStudy:ImplementingEnterpriseRiskManagement,"BankAccountingandFinance,14(4,Summer),21‐28.Stambaugh,F(1996)RiskandValueatRisk,EuropeanManagement.JournalVol.I4,No.6,pp.612‐621,Copyright©1996PublishedbyElsevierScienceLtd,PrintedinGreatBritain.Standard&Poors(2008)EnterpriseRiskManagement:Standard&Poor’stoApplyEnterpriseRiskAnalysistoCorporateRatings,RatingsDirect,May72008.Tillman,L.(2008)SpeechatERMSymposium:“InthePursuitofReturn,HaveweLostsightofRisk?”(FormerBearSternsCFO)April15th.TowersPerrin(2008)LifeInsuranceCFOsurvey#19:EmbeddingEnterprise




RiskManagement.TreasuryandRisk(2008)EnterpriseRiskManagementPracticesSurvey,PaisleyLtd.Trippensee,A(2008)EnterpriseRiskManagementSolutions,SASInstituteIn,Cary,NorthCarolina.Varutbangkul,S.andPhakdurong,P(2007)ERM:Compliance‐drivenorvalue‐driven?BankPost,Aprilissue.Wallace,W.andR,Kreutzfeldt.(1991),Distinctivecharacteristicsofentitieswithaninternalauditdepartmentandtheassociationofthequalityofsuchdepartmentswitherrors.ContemporaryAccountingResearch,7,2,pp.485‐512.Walker,PL.Shenkir,WG.andBarton,TL(2002)MakingEnterpriseRiskManagementPayOff:HowLeadingCompaniesImplementRiskManagement,FinancialTimesPrenticeHallBooks,2002. Zhou,Y(2005)RiskManagementataLeadingCanadianBank:AnActuarialScienceGraduate’sView,QuantitativeAnalytics,GroupRiskManagementTDBankFinancialGroup.

enterprise risk management in financial institutions- revelations of the recent credit crisis and...

Documents