Risk Management Reports

April 2001
Volume 28, Number 4

GARP 2001 Conference

The Global Association of Risk Professionals (GARP) announced a major change in its structure at its second annual conference in New York on February 13 and 14. This worldwide group of financial risk managers, now over 15,000 members in 80 countries, will no longer be free and virtual. Its new president, Adam Davids, and Lev Borodovsky, a co-founder, explained that GARP will become a nonprofit parent with three subsidiaries, two nonprofit and one profit, the latter to handle non-tax-exempt functions. One of these will be an endowed (with 10% of membership dues) foundation offering scholarships and research grants. GARP will offer four new categories of paid membership, with dues covering the remaining months of 2001: Academic or Student at US$50, Associate at US$100, and Fellow, one who has passed its Financial Risk Manager (FRM) examination, at US$125. GARP's offices will be in both New York (28 East 18th Street) and London (153 Fenchurch Street). Davids, the CEO, operates from New York and Laura Bianco, the COO, from London.

London's Risk Professional is no longer its official publication. A new GARP Risk Review, an expanded website (www.garp.com), and an Internet information center, www.riskcenter.com will be its membership communication. GARP's goal is ". . . to be the dominant voice in the industry calling for the advancement of the risk management profession." It proposes "calling upon industry to place its global risk management in the hands of an officer not responsible for a single business function," otherwise known as the "Chief Risk Officer." It will continue its annual examination for the FRM (Financial Risk Manager) designation, held by over 1000 worldwide.

GARP is shifting from its initial model of a virtual organization, disdaining expensive offices, officers, and publications. This format created the largest global risk management group in just over three years, and the test will be how many current members elect to pay dues. Will this affect its current global significance? I will watch GARP closely as it redefines itself.

As GARP changes its structure, so too do many of the some 500 financial institutions whose representatives attended this year's conference. Risk management is a newly integrated function. The dominant theme throughout the six subject tracks (Market Risk, Credit Risk, Operational Risk, Energy Risk, Corporate Risk Management, Asset/Liability Management, and Insurance & the Capital Markets) was the Basel Committee and the forthcoming adjustments to its rules for capital sufficiency. The current working draft is available for review (see www.bis.org) through May 31, 2001, after which further modifications will be made and the final rules implemented in 2004. The Committee's work rests on three "pillars:" a risk-based (credit, market and operational risks) calculation of the required minimum capital for a financial institution, followed by regulatory supervision and review, and, finally, by full disclosure and transparency, all of which should lead to greater market discipline. The ultimate goal is to increase the public's confidence in the global banking system.

The Conference heard many concerns: overly conservative rules, unequal treatment of different financial products, arbitrariness, uneven treatment of credit arrangements, lack of data for measuring operational risks, and, perhaps most important, the potential for unintended consequences. Yet throughout the discussions I sensed an optimism that the Basel Committee will eventually create a better risk-based guideline for capital adequacy than its current rule, one that will reduce systemic risk globally. As to unintended consequences, it is inevitable that smart bankers will recognize new opportunities to subvert the purpose of the regulations. We must accept that probability. The guidelines are minimums and never replace good judgment by both bankers and their customers. The effect of the Basel guidelines cannot be underestimated. They will affect, first, the world's major banks and, in due course, their customers, most major corporations. We are at the start of a global effort to incorporate risk management within the structure of all organizations.

The Basel focus is important. It is not enough to look at the relative financial strengths of banking institutions. Basel correctly sees that public confidence is the foundation of all banking. Liquidity is nothing without confidence.

A second underlying theme in many Conference presentations was the continuing belief in quantitative models to measure credit, market, and even operational risks. I commented on this last year in my review of the 2000 conference (see "In Quest of the Quants" in RMR March 2000). The credit and market models benefit from substantial internal data, but risk managers stretch to create comparable models for operational risk, where data are scant and unreliable. While most of the speakers acknowledged the possibility of "model risk," they continued to press their development and use.

As the quants continue their ascendancy, I see two problems. The first is the increasing complexity of their language. One speaker tried to explain the importance of "delta, gamma, theta and vega" issues in modeling, mentioning "parameterizing the vol surface" and introducing the factor of "smile!" How are normal mortals to understand these terms and their numbing numeracy? I admit to a high level of innumeracy but we need better translation if laymen are to comprehend and rely on these quantitative models.

The second problem is growing over-reliance on these models. Is this an extension of Utopian wishful thinking, the desire for perfect answers in an imperfect world, a course of action that inevitably leads to dystopia? Models should never replace serious thought; the consideration of experience and intuition. Perhaps its time to re-read Sir Thomas More, Aldous Huxley and George Orwell, authors who found so-called perfection insidiously beguiling and inevitably misleading.

GARP 2001 was, in other ways, a model conference. It attracted just over 500 registrants, a workable number for meetings and chance conversations. It offered five keynote speeches/plenum panel discussions and fifty-two workshop sessions in two intense 8:15 a.m. to 6:00 p.m. days. The content of the seven tracks was uniformly high and 60% of the 65 speakers were operating managers themselves (only 27.6% were service vendors). A modest exhibit area displayed software and publications, and all exhibits were approximately the same size. As far as I know, no hospitality suites or other entertainments were offered. The first evening's dinner featured the naming of William W. Martin, of the Royal Bank of Scotland Group, as GARP's Risk Manager of the Year, a totally non-commercial designation. In summary, GARP 2001 was an efficient meeting.

I followed the Operational Risk workshop track and found these sessions overflowing with registrants and solid information. Operational risk still defies definition as most consider it a catch-all of risks outside credit and market. Bill Martin suggested it is "the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events." This includes legal but excludes strategic or reputational risk. Hansruedi Schuetter, Group Operational Risk Manager of the Credit Suisse Group, offered similar phrasing: "Operational Risk is the risk of adverse impact to our business as a consequence of conducting it in an

improper or inadequate manner and may result from external factors.

Both these definitions are weak for two reasons. First, they over-focus on the negative side-loss-with no compensatory consideration of benefit. Second, they overlook strategic and reputational effects. Since the International Standards Organization (ISO) is currently voting on its proposed global risk management definitions, I asked several speakers if their groups had been in contact with ISO. The answer: no! This is a continuation of the inability or unwillingness of various sub-disciplines in risk management to work together cooperatively. It will result in a Babel of different terms in different sub-disciplines, further confusing the public.

A few speakers still clung to the idea that risk management is essentially a financial operation centered within Treasury, one that is intended only to "enhance shareholder value." Both Freeman Wood, Director of Global Risk Management at Ford Motor Company, and Dr. Ash Srivastava, Vice President, Structured Finance, at Bombardier, directed their comments to this "shareholder value" goal. Ford's effort begins with generally acknowledged key steps in risk management integration-senior management support, building risk awareness, comprehensive approach to all risks, focus on adding value to the company, breaking down internal barriers, and building a platform for data analysis and reporting. Ford's risk management statement, however, is still too "loss" oriented: "To improve the business' ability to understand, manage, and mitigate global corporate risk in real time, in such a way that we make better risk/return decisions, and manage capital more efficiently, so that shareholder value materializes and unforeseen risks do not." Wood presented a good summary graphic of the areas of financial and non-financial risk, arguing that "business risk" overlays all risk areas. Ford's goal is ambitious. It currently focuses on foreign exchange, commodity and interest rate risks, but it intends to build a "global, integrated risk management process that assesses interest rate, foreign exchange, commodity, liquidity and counterparty/issuer risks within a unified structure and technology platform." Wood continued, "The risk assessment process will integrate corporate insurance and the inter-relation of financial market risk with operation risk to provide a complete picture of total enterprise exposure." He hopes this will lead to "better understanding of risk" and "added value to shareholders."

The peripatetic James Lam, the originator of the title of CRO (Chief Risk Officer) and the Founder of Erisk, went well beyond the limited "shareholder value" goal. He suggested a major of integrated risk management will be "enhanced stakeholder confidence." He also suggested that CROs deal primarily with optimists and realists, avoiding those pessimists who gloomily over-focus on losses and past mistakes. Lam identified seven "key risk management trends," providing a challenging list of proactive concerns for risk managers:

1. Unforgiving stock market (the losses since February illustrate this!)
2. SEC crackdown on "earnings management"
3. New regulatory/accounting requirements
4. Case studies of the good, the bad, and the ugly
5. Global initiatives on corporate governance
6. Enterprise risk management under the CRO
7. Convergence of the financial/insurance markets

He also proposed a combination of financial risk distributions for credit, market and operational risks into a single "enterprise-wide distribution" showing the range of probabilities for both gain and loss for all three risk areas. I like this idea although I suspect that we are yet ready to model it, simply because of the inadequacies of operational risk data.

Peter Schofield, of American Express, contributed one of the Conference's most provocative papers, on "Reputation Risk." He explained that his participation in this project for his company was "not from the perspective of a mathematical quant, nor a public relations executive, but as a business manager, using primarily common sense." It was a refreshing view, given our two-day submersion in numbers! Schofield defined reputational risk as "the set of threats that affect the long-term trust placed in the organization by its stakeholders, which includes it suppliers, customers, staff and shareholders. It covers risks to products, the company and the whole industry." (from David Brotzen, Financial Times, June 13, 2000) He then developed various reputational risks for financial institutions and how they are weighted, controlled, detected and monitored. Schofield's incorporated this information into a "crisis management plan."

While intrigued by his sound approach, I remained unhappy with his "reactive" model. Reputation is the most important asset of any organization. We should be proactive in building and maintaining it, not just responsive to adverse events. I agree fully with Schofield's concluding quote from The Economist (April 22, 2000):

"There may be two good reasons for companies to worry about their ethical behaviour. One is anticipation: bad behaviour, once it stirs up a public fuss, may provoke legislation that companies will find more irksome than self-restraint. The other, more crucial, is trust. A company that is not trusted by its employees, partners and customers, will suffer."

If experience is a teacher, Douglas Hoffman is a learned man! He served as a consultant, a banker, and the executive of a dot.com that finally bled to death from insufficient funds. His presentation started with two operational risk "best practice strategies:" clarifying the business units' responsibility for operational risk, and surrounding the RM effort with clearly defined roles, beginning with real support from and involvement of senior management and the Board. He described candidly the three major operational risk data consortia-the Basel Consortium; GOLD and the MORE Exchange-all of which will probably require considerable time and commitment from their participants before their data will have any reliability. His conclusion: "internal data are still the most important!"

Finally, a pessimistic note came from Avinash Persaud, of State Street Bank. He warned that some of the current emphasis on "market-sensitive risk management systems and more transparency actually makes markets less stable and more prone to crisis." He explained that the Basel regulations create a greater bank "herding" mentality. Most banks manage markets risks by setting a daily DEAR (daily earnings at risk) limit, a calculation of their portfolio of positions, thereby estimating the future distribution of daily returns based on past market volatility and correlations. Their DEAR limit is the maximum dollar amount they are willing to lose with a 1% probability. Yet this creates a lemming-like behavior: "Banks or investors like to buy what others are buying, sell what others are selling, and own what others own." They are measured and rewarded by relative performance. "They are more likely to be sacked for being wrong and alone than (for) being wrong and in company." His conclusion: "Today, risk managers mistakenly prefer to worry about quantifiable risks than unquantifiable ones." Persaud suggested that unregulated hedge funds actually would serve as a brake on the herding instinct.

The GARP annual conferences continue to deliver excellent value for invested time.

It is arguable that regulators have actually promoted herding through risk management systems. They may also have done so in the zeal for disclosure of bank positions and central bank reserves.

Avinash Persaud, "Sending the Herd off the Cliff Edge: The Disturbing Interaction between the Madness of Crowds and Modern Risk Management Practice," paper at GARP 2001, February 14, 2001

Copyright H. Felix Kloman and Seawrack Press, Inc.

Return to RMR Table of Contents
RiskINFO Home Page
Additional Topics This Month and Archives