Risk Management Pt1: What role should it play in any Investment Process?
This is the first of two articles exploring Risk Management, with an associate of ISC, Chris Sandford. Chris is an Actuary and Independent Risk Consultant whose experience spans stockbroking, bond, equity & derivatives fund management for various asset management companies including County NatWest, Morgan Grenfell, AXA, West LB, Aerion and Schroders.
Chris and David Sellors (Senior Consultant at ISC) discuss the current state of risk management within the Asset management industry. In this article discussions focus on Risk within the Investment Management process and the concept of the Risk 'Toolbox' in aiding decision making.
DS: Regulators, politicians, 'too big to fail' Banks as well as some Hedge Fund managers have hard questions to answer. Even, 'safe' Insurers have failed spectacularly. The questions posed here is whether current risk management processes are effective and how can they be improved?
CS:Asking what role risk management should play is exactly the right question; the problem is that it is usually asked too late. There is a good historic reason for that; there were assets to invest long before there were sophisticated risk systems. Ad hoc rules were created, sometimes quite woolly ones (for example, 'subject to acceptable or moderate risk').
The other extreme, still often seen in investment mandates and managers internal rules, is a network of asset class and individual asset limits. These can be both limiting for managers trying to improve investment returns and ineffective at controlling risk.
DS: That raises another point that I'd like to come back to, should limits be absolute or relative to a benchmark? But what would you suggest in place of, or on top of limits? There are a whole host of measures and techniques that are used - Tracking Error, Value at Risk 'VaR', Conditional Value at Risk 'CVaR', Risk Budgeting, for instance. We should discuss which of these are appropriate and also how to demystify these terms - 'Tracking Error' isn't an error and 'Value at Risk' isn't the Value at Risk!
CS: I agree. My point about the question of the role of risk being asked too late is that, knowing what we know now, we would have built risk management into the centre of every investment process. The strange truth is that when we pursue out performance of whatever target we have, Risk (by which here I mean uncertainty) is certain, whilst achieving a return above a (certain) target benchmark is uncertain.
Essentially an Investment Process is a set of methods to choose better than average investments and a portfolio construction process to maximise the chance of achieving the investment target. The second part is fundamentally Risk Management. Financial Economics confirms the intuitive truth that diversification is key, though all the evidence is that this is harder to achieve than theoretical models would have us believe.
DS: Ok - but that isn't the only aspect of Risk Management. There are several other audiences. We have primary clients, sponsors, plus internal clients, i.e. management plus Regulators and Investment Consultants. They all have different requirements; need different levels of detail, have different levels of knowledge and less obviously have different time frames for assessing risk. It is not just important to measure and manage risk well; communicating this at the level of detail that each party needs is vital. It is so easy to swamp people with numbers and terminology to the point where they switch off then fail to see the wood from the trees. The danger then is that when something unpleasant happens; say losses over the 95% VaR level, clients lose faith with risk management although this is expected to happen 1 month (or year) in 20.
CS: That's quite right but human nature isn't quite so data rational. It is very much easier to explain a breach of 95% VaR (or tracking error) on the 20th month than on the first. That isn't simply human nature; if a breach happens in month 20 rather than month 1 there is much more evidence that the risk model is reasonable. This highlights 'model risk'. There is a very strong case for never relying on a single model and ensuring that the models used have completely different methodologies.
DS: The Credit Crunch hasn't been the only major test of risk models. We have also had LTCM, the TMT bubble, 'QuantQuake', the 'Flash Crash', the UK exit from the ERM and the 1987 Crash. We really need to look not just at how risk management can help us deal with these events or similar ones but how we deal with new, truly unexpected events.
CS: That is the crux. We don't solely want to measure the last crisis better. We want a set of principles so we can avoid, or at least mitigate, future crises. We shouldn't need to be pushed in this direction by regulators; asset managers should be leading the charge to improve their own investment process and competitiveness.
The 'Toolbox' Concept
DS: This leads straight into the Toolbox Concept. What techniques and systems do we need? We previously discussed a number of principles, which highlight the tools and systems that may be needed to avoid unpleasant surprises. The tools fall into three business categories and a fourth, relating to the systems essential to deliver them.
Portfolio Construction and Risk Management:
- Never invest without first knowing the risk consequences.
- Avoid unrewarded risks.
- Diversify - Assets, Risk Positions and Managers - whilst this improves the information ratio.
Risk Measurement Tools and Techniques:
- Don't trust a (single) risk model.
- Use prospective tools; don't rely solely on retrospective models.
- Measure the unpleasant tail risks, not solely the 90% 'fair weather' risk.
- Understand the data right the way through to the reported results.
Ensure that the right things are measured and reported
- Know your client(s) - including internal ones.
- Ensure clients understand the numbers that are reported.
- Validate the numbers reported.
- Timely & Accurate
- Outsourcing versus In-house
CS: I think that this captures the issues. They are circular rather than a list. I would always start with knowing your client, specifically here both their risk tolerances and their return aspirations. That then takes us to the Portfolio Construction issues. The goals look as uncontroversial as Motherhood and Apple Pie. But often it doesn't happen like that. The difference between risk measurement and risk management is the same as between scorer and player. Only one gets to change the future. Only now are managers beginning to integrate risk management tools into the portfolio construction process. I am not suggesting constructing portfolios using a quadratic optimiser but being able to see how the risk changes as a portfolio is created or modified. If the risk systems aren't integrated into the Front Office Systems, or are just set up to produce reports from the Back Office Systems, then risk management doesn't happen easily pre-deal. More often than not portfolios are modified and the risk implications viewed in retrospect - which doesn't help balance risk positions or avoid unintended risk concentrations.
DS: The big change here is that risk systems need to be connected to both the fund managers Front Office Systems and to the Back Office 'System of Record'. It becomes analogous to pre & post trade compliance which we can view as another risk system).
CS: Yes, but once we have a new desired portfolio and the implied trades in the risk system we want to be able to effortlessly import this into the Front Office Dealing System to rebalance real funds to. There is a huge range of requirements here, ranging from the long term fundamental manager who might regard this as 'nice to have' to the hedge fund or high frequency trader who will want to have incorporated every trade already executed. What we would have thought of as overkill or state of the art 10 or 20 years ago is no longer adequate and given how markets and communications have evolved will be totally inadequate in coming years.
DS: Many thanks for your insights, in our next session; I'd be interested in understanding your thoughts and experiences on the importance of data and communication in the process and implementation issues surrounding risk systems.
CS: Of course.