By Pascal vander Straeten July 01, 2023
In the aftermath of the GFC, “the fundamental risk management failure” remains unaddressed by the regulators. By steering towards the creation of stronger loss absorption capabilities and higher liquidity, regulators merely addressed the symptoms of the crisis (i.e. depressed asset prices, reduced liquidity in many markets, a contraction in the credit markets, etc.). It is a danger, however, that with the implementation of the Basel III reforms, the industry will only be fully ready for a rehearsal of 2008 – and even that is not true – and not for a future crisis.
To minimize tail risks, financial firms must implement a tail risk management framework that proactively identifies and mitigates extreme risks regardless of the type of crisis scenario. There seems to be no differentiation between tail risk and “normal” risk in how conventional risk management is practiced. Nevertheless, tail risk (low probability – extreme severity events) has a very different nature, both in terms of its drivers and impact magnitude. It is for this reason that tail risk needs to be addressed separately.There is no such thing as a “one size fits all” approach here, and what the regulators continue to come up with is very similar to that “one size fits all”.
A classic risk management framework is designed to deal with “normal” risk (under standard normal and bell-shaped assumption) and often fails to respond effectively when an extreme risk event occurs. Unlike “normal” risk, tail risk often comes unmeasured, unpredicted, and is many times based on unknowns (at least unknown to ‘management’).
The existing risk management framework really needs to be enhanced and brought back to basics simultaneously. Tail risk management architecture should include three lines of anti-tail risk defense, which should be customized. However, these lines of defense should already be in place; therefore, it’s a matter of having a culture of risk awareness.
- A firm’s business strategy and model should be its first line of defense. Based on the analysis of financial firm failures, flawed business strategies/models appear to be the main cause of failure. Companies need to develop an approach for examining their strategies and identifying areas outside their “comfort zone” that expose them to extreme, unmanageable risks. The risk appetite should be set correctly to optimize the strategy. An organization’s risk appetite helps it optimize its exposure to tail risk by balancing the business that it runs inside and outside its “comfort zone”.
- Day-to-day risk management practices identify potential tail risk events when they are largely invisible or appear as distant threats. It is important for the firm to develop early warning signal tools that focus on both conventional risks and (extreme) tail risks. Scenario and stress testing can also be used, with a strong emphasis on reverse stress testing. Stress testing is not novel, but stress testing of tail risk scenarios is unique.The traditional method of number crunching doesn’t work here. Rather, the focus is on “what if” and detailed contingency plans, similar to the BCPs for mitigating operational risks. Scenario testing is a kind of “flight simulator” for training people to manage tail risks if done correctly. There are tail risk crises even in the most conservative firms.
- In the event of a crisis like this, the last line of defense is designed to mitigate its impact. Firms’ ability to survive crises is heavily dependent on their ability to navigate them. There should be effective crisis alert systems, multi-level contingency plans, adaptive IT infrastructure, and effective crisis governance to mitigate tail risk crises.
Capital management is not the same as tail risk management. Tail risk management goes beyond capital management as the latter only takes into account risk weighted assets, cost of carry, etc., to allocate economic capital strategically and efficiently. While in the event of an extreme risk, the goal is to preserve the capital, not just to manage capital. Or, to put it another way, tail risk management is akin to a just-in-case risk management system.
The volatility and illiquidity in many markets have exposed a range of challenges for risk management in financial institutions. In addition to methodologies, data, and technology capabilities, effective risk management may require creating an enhanced culture of risk awareness within the organization, and providing an environment and incentives that sustain it. Such risk awareness culture could find inspiration with principles of high reliability organizations and resilience engineering.
In order to create such an environment, appropriate governance is essential.Senior management must provide leadership in the enhancement and transparency of the institution’s risk strategy, appetite for risk, and risk management framework, with oversight and input from the board. In order to remain relevant to guiding business decisions, these perspectives need to be refreshed with changing business conditions.
The Chief Risk Officer (and risk management in general) should have a veto right on business decisions that affect the company’s risk profile.CROs should have sufficient autonomy, be independent of line managers, and have sufficient seniority and internal voice within the firm to steer meaningful decisions.
As a final note, risk management must be integrated with Finance and Audit, and these resources and tools must be shared. For example, managing risk exposures, allocating risk reserves, managing limits, and addressing operational weaknesses require close information exchange between Risk, Finance, and Audit.
A lot of attention has been paid to enterprise risk management, which aims to provide an integrated, comprehensive assessment of all risks that an institution is exposed to, with an objective and consistent approach to managing them.Incorporating tail risk management would be one of those risks.
It seems common sense to you, doesn’t it? In regards to risk management, shouldn’t every firm behave in such a way?The risk of “wasting a good crisis” continues sixteen years after the collapse of Lehman Brothers. The cost of ignoring tail risk management has already been too high – look at the recent banking crisis involving SVB, Signature Bank, or Credit Suisse. Despite regulators’ focus on macro-prudential instruments to combat the symptoms of the crisis, the real cause remains unaddressed. The implementation of robust tail risk management practices is vital not only for the survival of a single company, but also for the stability of the entire financial sector as a whole.