1 Risk in perspective

1.1 Risk

1.2 A brief history of risk management

1.3 The regulatory framework

1.4 Why manage financial risk?

1.5 Quantitative Risk Management

© QRM Tutorial Section 1

1.1 Risk
The Concise Oxford English Dictionary: “hazard, a chance of bad
consequences, loss or exposure to mischance”.
McNeil, Frey, and Embrechts (2005): “any event or action that may
adversely affect an organization’s ability to achieve its objectives and
execute its strategies”.
No single one-sentence definition captures all aspects of risk.
For us: risk = chance of loss ⇒ randomness

1.1.1 Risk and randomness

We will mostly model situations in which an investor holds today an
asset with an uncertain future value.
We use probabilistic notions (random variables, random vectors, distribu-
tions, stochastic processes) and statistical tools. In particular, we assume
to work on a probability space (Ω, F, P); see Kolmogorov (1933).
© QRM Tutorial Section 1.1
1.1.2 Financial Risk
There are various types of risks. We focus on (those affected by regulation):
Market risk Risk of loss in a financial position due to changes in the
underlying components (e.g. stock/bond/commodity prices)
Credit risk Risk of a counterparty failing to meet its obligations (default),
i.e. the risk of not receiving promised repayments (e.g. loans/bonds).
Operational risk (OpRisk) Risk of loss resulting from inadequate or failed
internal processes, people and systems or from external events (e.g. fraud,
fat-finger trades, earthquakes).
There are many other types of risks:
Liquidity risk (Market) liquidity risk is the risk stemming from the lack
of marketability of an investment that cannot be bought or sold quickly
enough to prevent/minimize a loss. Funding liquidity risk refers to the
ease with which institutions can raise funding. The two often interact.
© QRM Tutorial Section 1.1.2
Underwriting risk In insurance, underwriting risk is the risk inherent in
insurance policies sold (related, e.g. to natural catastrophes, political
changes, changes in demographic tables).
Model risk Risk of using a misspecified (inappropriate) model for measur-
ing risk. This is always present to some degree!
Good risk management (RM) has to follow a holistic approach, i.e. all
types of risks and their interactions should be considered.

1.1.3 Measurement and management

Risk measurement
Suppose we hold a portfolio of d investments with weights w1 , . . . , wd .
Let Xj denote the change in value of the jth investment. The change
in value – profit and loss (P&L) – of the portfolio over a given holding
period is then

© QRM Tutorial Section 1.1.3

 X
d
X= wj Xj .
j=1

Measuring the risk now consists of determining the distribution function

F (or functionals of it, e.g. mean, variance, α-quantiles F ← (α) =
inf{x ∈ R : F (x) ≥ α}).
To this end, we need a properly calibrated joint model for X =
(X1 , . . . , Xd ). Statistical estimates of F or one of its functionals are
obtained based on historical observations of this model.
Good risk measurement is essential (for good RM). For any product
sold, the underlying risks need to be properly quantified and clearly
communicated to stakeholders. The 2007–2009 crisis saw numerous
violations of this principle (e.g. through collateralized debt obligations).

Risk management
What is RM? Kloman (1990) writes:
© QRM Tutorial Section 1.1.3
 “To many analysts, politicians, and academics it is the man-
agement of environmental and nuclear risks, those technology-
generated macro-risks that appear to threaten our existence. To
bankers and financial officers it is the sophisticated use of such
techniques as currency hedging and interest-rate swaps. To insur-
ance buyers or sellers it is coordination of insurable risks and the
reduction of insurance costs. To hospital administrators it may
mean “quality assurance”. To safety professionals it is reducing
accidents and injuries. In summary, RM is a discipline for living
with the possibility that future events may cause adverse effects.”
⇒ It is about ensuring resilience to future events.
Note that financial firms are not passive/defensive towards risk, banks
and insurers actively/willingly take risks because they seek a return. RM
thus belongs to their core competence.
What does managing risks involve?
© QRM Tutorial Section 1.1.3
 ◮ Determine the capital to hold to absorb losses, both for regulatory
purposes (to comply with regulators) and economic capital purposes
(to survive as a company).
◮ Ensuring portfolios are well diversified.
◮ Optimizing portfolios according to risk-return considerations (for
example, via derivatives to hedge exposures to risks, or securitization,
i.e. repackaging risks and selling them to investors).

© QRM Tutorial Section 1.1.3

1.2 A brief history of risk management
1.2.1 From Babylon to Wall Street
Academic innovation in the 20th century
Markowitz (1952): Theory of portfolio selection; Desirability of an
investment was decided upon a risk-return diagram (x-axis: standard
deviation; y-axis: expected return). An efficient frontier determined the
optimal return for a given risk level.
Late 20th century: Theory of valuation for derivatives (important mile-
stone for quantifying and managing financial risk)
Black and Scholes (1973): Black–Scholes–Merton formula for the price
of a European call option (Nobel Prize 1997)
Harrison and Kreps (1979), Harrison and Pliska (1981): Fundamental
theorems of asset pricing (arbitrage-free/completeness conditions)
By 1995: Nominal values outstanding in derivatives: tens of trillions.
© QRM Tutorial Section 1.2
Disasters of the 1990s
Growing volume of derivatives in banks’ trading books (often not ap-
pearing as assets/liabilities in the balance sheet).
1995 Barings Bank ruin: OpRisk losses + straddle position on the Nikkei
(short in a call and put; allows for a gain if the Nikkei does not move
too far down or up) + Kobe earthquake = loss of $1.3 billion
1998 Long-Term Capital Management (LTCM) ruin: hedge fund; losses
due to derivatives trading, required a $3.5 billion bail-out; M. Scholes
and R. Merton (Nobel Prize winners 1997) were principles.
Life insurer Equitable Life: Prior to 1988 Equitable Life had sold pension
products which offered the option of a guaranteed annuity rate of 7% at
maturity. In 1993, current annuity rate fell below the guarantee rate and
policyholders exercised their options. Equitable Life faced an enormous
increase in their liabilities (not properly hedged). By 2001, Equitable
Life was underfunded by around £4.5 billion.
© QRM Tutorial Section 1.2.1
The turn of the century
1996–2000: dot-com bubble; Nasdaq index climbed from around 1000 to
around 5400; many firms contributing to this rise belong to the internet
sector. Within one year, the Nasdaq fell by 50%.
During this time, financial engineers discovered securitization (bundling
and repackaging of risks into securities with defined risk profiles that
can be sold to investors (provide “insurance” against defaults, receive
premiums)).
Different types of assets were transformed into collateralized debt obli-
gations (CDOs). Credits were given to borrowers with low credit ratings.
CDO issuance volume by 2008 was around $3 trillion, for credit default
swaps (CDS) around $30 trillion.
CDSs were used by investors to speculate on (changing) credit risk.
The consensus was that all this activity was a good thing:

© QRM Tutorial Section 1.2.1

 ◮ International Monetary Fund (IMF), April 2006:
“. . . dispersion of credit risk by banks to . . . investors, rather
than warehousing such risks . . . has helped to make the
banking and overall financial system more resilient.”
◮ CEO of AIG Financial Products, August 2007:
“It is hard for us, without being flippant, to even see a scenario
within any kind of realm of reason that would see us losing
one dollar in any of these transactions.”
Not all of the risk from CDOs was dispersed, large banks held a lot of it
themselves (see Acharya et al. (2009)):
“Starting in 2006, the CDO group at UBS noticed that their
risk-management systems treated AAA securities as essentially
riskless even though they yielded a premium (the proverbial free
lunch). So they decided to hold onto them rather than sell them!
After holding less than $5 billion of them in 02/06, the CDO desk
© QRM Tutorial Section 1.2.1
 was warehousing a staggering $50 billion in 09/07. . . . Similarly,
by late summer of 2007, Citigroup had accumulated over $55
billion of AAA-rated CDOs.”

The financial crisis of 2007–2009

US house prices began to decline in 2006 and 2007.
Subprime mortgage holders (having difficulties in refinancing their loans
at higher interest rates) defaulted on their payments. Starting in late
2007, this led to a rapid reassessment of the riskiness of securitization
and losses in the value of CDOs. Banks were forced into write downs of
the value of these assets on their balance sheets.
The most serious crisis since the 1920s resulted:
◮ March 2008: Bear Stearns collapsed; was sold to JP Morgan Chase
◮ September 2008: Lehman Brothers filed for bankruptcy (⇒ worldwide
panic, markets tumbled, liquidity vanished, many banks near collapse)
© QRM Tutorial Section 1.2.1
 ◮ September 2008: AIG (insuring the default risk in securitized products
by selling CDS protection) got into difficulty when many of the
underlying securities defaulted ⇒ needed an emergency loan of $85
billion from the Federal Reserve Bank of New York.
Governments had to bail companies out by injecting capital or acquiring
their distressed assets (e.g. US TARP = Troubled Asset Relief Program).
Mathematicians/financial engineers were also blamed due to the failure
of pricing models for complex securitized products, e.g. by F. Salmon
(Wired Magazine, 2009-02-23, “Recipe for disaster: the formula that
killed Wall Street”). The formula was the Gauss copula model and its
application to credit risk was attributed to David Li.
Mathematicians had also warned about securitization (see, e.g. Frey, Mc-
Neil, and Nyfeler (2001)). Political shortsightedness, the greed of market
participants and the slow reaction of regulators had all contributed.

© QRM Tutorial Section 1.2.1

Recent developments and concerns
The financial crisis led to recession and sovereign debt crises.
High Frequency Trading (HFT) has raised concerns among regulators,
triggered by such events as the Flash Crash of 2010-05-06.
Trades are executed by computer (algorithms) in fractions of a second (no
testing), computer centers are build near stock markets for faster trading.
One casualty of algorithmic trading: Knight Capital Group (financial
services firm) lost $460 million due to trading errors on 2012-08-01.
Ongoing concern: Systemic risk, i.e. the risk of the collapse of the
entire financial system due to the propagation of financial stress through
a network of participants. The networks are complex. Besides banks
and insurance companies they contain largely unregulated hedge funds
and structured investment vehicles (“shadow banking system”). One
important theme is the identification of systemically important financial
institutions (SIFIs) whose failure might cause a systemic crisis.
© QRM Tutorial Section 1.2.1
1.2.2 The road to regulation
Main aim of regulation: Ensure that financial institutions have enough
capital to remain solvent.
Robert Jenkin (member of the Financial Policy Committee of the Bank
of England, 2012-04-27):
“Capital is there to absorb losses from risks we understand and
risks we may not understand. Evidence suggests that neither
risk-takers nor their regulators fully understand the risks that
banks sometimes take. That’s why banks need an appropriate
level of loss-absorbing equity.”
Basel Committee of Banking Supervision (BCBS): Committee estab-
lished by the Central-Bank Governors of the Group of Ten (G10) in 1974.
The Basel Committee does not have legal force but it formulates stan-
dards/best practices/guidelines, the Basel Accords, in the expectation
that individual authorities will take steps to implement them.
© QRM Tutorial Section 1.2.2
The first Basel Accord (Basel I)
Issued in 1988
Only addressed credit risk
Fairly coarse measurement of risk
◮ Claims were divided into 3 categories only, counterparties being
governments, regulated banks and others;
◮ Risk weighting identical for all corporate borrowers, independent of
their credit rating;
◮ Unsatisfactory treatment of derivatives.

The birth of VaR

1993: G30 (international body of leading financiers and academics)
published a seminal report addressing for the first time so-called off-

© QRM Tutorial Section 1.2.2

 balance-sheet products, e.g. derivatives. The banking industry saw the
need for proper measurement of these risks.
1994: At JPMorgan the Weatherstone 415 report asked for a one-day,
one-page summary of the bank’s market risk to be delivered to the CEO
in the late afternoon (hence the “4.15”).
Value-at-risk (VaR) as a market risk measure was born and the JPMorgan
methodology (which became known as RiskMetrics), set an industry-
wide standard.
Banks pushed to be allowed to use netting (compensation of long versus
short positions on the same underlying).
Amendment to Basel 1 in 1996 ⇒ standardized model for market risk
and internal value-at-risk-based models for more sophisticated banks
Coarseness problem for credit risk remained (not enough incentives to
diversify credit portfolios; regulatory capital rules too risk insensitive).

© QRM Tutorial Section 1.2.2

The second Basel Accord (Basel II)
Initiated in 2001 (adopted mostly by 2008), document published in June
2004 (see Basel Committee on Banking Supervision (2004)).
Three pillar concept: 1) quantification of regulatory capital; 2) regulatory
review of the modelling process; 3) disclosure requirements.
Important themes were:
◮ Under Pillar 1, banks are allowed to use a more risk-sensitive approach
for assessing credit risk of their portfolios (they could opt for an
internal ratings-based approach which permitted the use of credit-
rating systems).
◮ Operational risk was introduced as a new class of risk.

Due to the financial crisis of 2007–2009, further amendments to the

2004 version were made, which delayed the implementation of Basel II.

© QRM Tutorial Section 1.2.2

Basel 2.5
CDOs had opened up opportunities for regulatory arbitrage (transferring
credit risk from the capital-intensive banking book to the less-capitalized
trading book).
Some enhancements to Basel II were proposed in 2009 with the aim of
addressing the build up of risk in the trading book. These enhancements,
known as Basel 2.5 , include a stressed VaR (calculating VaR from
data for a 12-month period of market turmoil) and the incremental
risk charge (estimate of default/migration risk of unsecuritized credit
products in the trading book). There were also specific new rules for
certain securitizations.

The third Basel Accord (Basel III)

2011: Five extensions of Basel II and 2.5 were proposed:

© QRM Tutorial Section 1.2.2

 1) Measures to increase the quality and amount of capital by chang-
ing the definition of key capital ratios and allowing countercyclical
adjustments to these ratios in crises;
2) A strengthening of the framework for counterparty credit risk in
derivatives trading with incentives to use central counterparties (ex-
changes);
3) Introduction of a leverage ratio to prevent excessive leverage (tech-
nique to multiply gains/losses; often by buying more of an asset with
borrowed capital);
4) Introduction of various ratios that ensure that banks have sufficient
funding liquidity;
5) Measures to force systemically important banks (SIBs) to have even
higher risk capital.
Basel III works alongside Basel II and 2.5, not replacing them. Its
targeted end date of implementation is 2019.

© QRM Tutorial Section 1.2.2

Parallel developments in insurance regulation
More fragmented, much less international coordination of efforts.
Exception: Solvency II framework in the European Union (EU).
Overseen by EIOPA (European Insurance and Occupational Pensions
Authority), but implementation is a matter for national regulators.
US: Insurance regulation is a matter for state governments. The Na-
tional Association of Insurance Commissioners (NAIC) provides support
to insurance regulators from the individual states (helps to promote best
practices etc.; early 1990s: NAIC promoted the concept of risk-based
capital (RBC), a rule-based (rather than model-based) method of mea-
suring the minimum amount of captial appropriate for supporting overall
business operations depending on size and profile).
After the 2007–2009 crisis: 2010 Dodd–Frank Act (creation of a Federal
Insurance Office to “monitor all aspects of the insurance sector” and the

© QRM Tutorial Section 1.2.2

 Financial Stability Oversight Council (FSOC) “charged with identifying
risks to the financial stability of the United States”)

From Solvency I to II
Solvency I came into force in 2004: Rather coarse rules-based framework
calling for companies to have a minimum guarantee fund ⇒ Single,
robust system, easy to understand, inexpensive to monitor. However, it
is mainly volume based and not explicitly risk based.
Solvency II was initiated in 2001 (publication of the Sharma report);
adopted by the Council of the European Union and the European
Parliament in November 2009; application of the framework from 2016-
01-01.
The process of refinement of the framework is managed by EIOPA (con-
ducts a series of quantitative impact studies (QIS) in which companies

© QRM Tutorial Section 1.2.2

 have tried out aspects of the proposals; information about the impact
and practicability of the new regulations results).
Solvency II goals: strengthen the capital adequacy by reducing the
possibilities of consumer loss or market disruption in insurance
⇒ policyholder protection and financial stability motives

Swiss Solvency Test (SST)

Specific to Switzerland.
Already developed and in force since 2011-01-01.
Implements its own principles-based risk-capital regulation for insurers.
Similar to Solvency II, but differs in its treatment of different types of
risk. Also puts more emphasis on the development of internal models.
The implementation of the SST belongs to the responsibilities of the
Swiss Financial Markets Supervisory Authority (FINMA).

© QRM Tutorial Section 1.2.2

1.3 The regulatory framework
1.3.1 The Basel framework
The three-pillar concept (Basel Committee)
Pillar 1 Minimal capital charge. Requirements for the calculation of the
regulatory capital to ensure that a bank holds sufficient capital for
its market risk in the trading book, credit risk in the banking book
and operational risk (main quantifiable risks).
Pillar 2 Supervisory review process. Local regulators review the checks
and balances put in place for capital adequacy assessments, ensure
that banks have adequate regulatory capital and perform stress
tests of a bank’s capital adequacy.
Pillar 3 Market discipline. Addresses better public disclosure of risk mea-
sures and other RM relevant information (banks are required to
provide better insight into the adequacy of their capitalization).
© QRM Tutorial Section 1.3
Credit and market risk; banking and trading book
Banking activities are organized around the banking book (assets on the
balance sheet held to maturity, at historic costs (book value)) and the
trading book (assets held that are regularly traded; marked-to-market
every day) reflecting the different accounting practices for different kinds
of assets.
Credit risk is mainly identified with the banking book; market risk with
the trading book.
The distinction is somewhat arbitrary and depends on “available to
trade”. There can be incentives to move instruments from one book to
the other (often from the banking to the trading book) to benefit from
a more favourable capital treatment (e.g. regulatory arbitrage).

© QRM Tutorial Section 1.3.1

The capital charge for the banking book
The credit risk of the banking-book portfolio is assessed as the sum
of risk-weighted assets (RWAs) (i.e. linear combination of notional
exposures weighted by risk weights reflecting the creditworthiness of the
counterparty)
The capital charge is determined as a fraction (capital ratio) of the sum
of risk-weighted assets in the portfolio. The capital ratio was 8% under
Basel II, but will be increased for Basel III in 2019.
To calculate risk weights, banks use either the standardized approach
(risk weights prescribed by regulator) or one of the more advanced
internal-ratings-based (IRB) approaches.
Under the IRB approaches banks may make an internal assessment
of the riskiness of a credit exposure, expressing this in terms of an
estimated annualized probability of default (PD) and an estimated loss-
given-default (LGD), which are used as inputs in the calculation of
© QRM Tutorial Section 1.3.1
 risk-weighted assets. The total sum of risk-weighted assets (RWAs) is
calculated using formulas specified by the Basel Committee, which also
take positive correlation into account.
IRB approaches allow for increased risk sensitivity in the capital charges
compared with the standardized approach. Note, however, that the
IRB approaches do not permit fully internal models of credit risk in the
banking book (they only permit internal estimation of inputs to a model
specified by the regulator).

© QRM Tutorial Section 1.3.1

The capital charge for the trading book
For market risk in the trading book there is also a standardized approach.
However, most major banks use an internal VaR model approach.
VaR calculation is the main component of risk quantification, but Basel
2.5 added:
◮ Stressed VaR: Banks are required to carry out VaR calculations based
on their models being calibrated to a historical 12-month period of
financial stress.
◮ Incremental Risk Charge (IRC): Banks must calculate an additional
charge based on an estimate of the 99.9% quantile of the one-year
loss distribution due to defaults and rating changes (since default
and rating migration risk are not considered otherwise).
◮ Securitizations: Exposures to securitizations in the trading book are
subject to new capital charges.

© QRM Tutorial Section 1.3.1

The capital charge for OpRisk
There are three options of increasing sophistication. Under the basic-
indicator and standardized approaches banks may calculate their OpRisk
charge using simple formulas based on gross annual income. Under the
advanced measurement approach banks may develop internal models (most
are based on internal and external historical data).

New elements of Basel III

The main changes will be (may change before final implementation):
Banks will need to hold more and better quality capital (the latter is
achieved through a more restrictive definition of eligible capital, the
former relates to Basel II’s 8% + a capital conservation buffer of 2.5%
of risk-weighted assets + a countercyclical buffer of up to 2.5%)

© QRM Tutorial Section 1.3.1

 A leverage ratio will be imposed to put a floor under the build-up of
excessive leverage (leverage will be measured through the ratio of Tier 1
capital to total assets; a minimum ratio of 3% is currently being tested).
A charge for counterparty credit risk is included. When counterparty
credit risk is taken into account in the valuation of an OTC derivative
contract, the default-risk-free value has to be adjusted by an amount
known as the credit valuation adjustment (CVA).
Banks will become subject to liquidity rules; this is a completely new
direction for the Basel framework which has previously only been con-
cerned with capital adequacy. A liquidity coverage ratio (LCR) will be
introduced to ensure that banks have enough highly liquid assets to
withstand a period of net cash outflow lasting 30 days. A net stable
funding ratio (NSFR) will ensure that sufficient funding is available in
order to cover long-term commitments (≥ one year).
Risk quantification may change: from VaR to ES.
© QRM Tutorial Section 1.3.1
1.3.2 The Solvency II Framework
Main features
Solvency II also adopts a three-pillar system (Pillar 1: quantification
of regulatory capital; Pillar 2: governance and supervision; Pillar 3:
disclosure of information to the public)
Under Pillar 1, a company calculates its solvency capital requirement
(SCR) = amount of capital to ensure that the probability of insolvency
over a one-year period is no more than 0.5% (referred to as a confidence
level of 99.5%).
The firm also calculates a smaller minimum capital requirement (MCR) =
minimum capital to continue operating without supervisory intervention.
For calculating capital requirements, a standard formula or an internal
model may be used. Either way, a total balance sheet approach is taken
(all risks and their interactions are considered).
© QRM Tutorial Section 1.3.2
 The insurer should have own funds (surplus of assets over liabilities)
that exceed both the SCR and the MCR.
Under Pillar 2, the company must demonstrate that it has a RM system
in place and that this system is integrated into decision making processes.
An internal model must pass the “use test”: It must be an integral
part of the RM system and be actively used in the running of the firm.
Moreover, a firm must undertake an ORSA (own risk and solvency
assessment) as described below.

Market-consistent valuation.
Assets and liabilities of a firm must be valued in a market-consistent
manner. Where possible, actual market values should be used (marking-
to-market).
When no market values exist, models (consistent with market informa-
tion) have to be calibrated (a process known as marking-to-model).
© QRM Tutorial Section 1.3.2
 Market consistent valuation of the liabilities of an insurer is possible if
cash flows to policyholders can be replicated by a replicating portfolio
of matching assets.
If this is not possible (e.g. for mortality risk), valuation is done by
computing the sum of a best estimate of the liabilities (basically an
expected value) plus a risk margin.

Standard formula approach

Insurers calculate capital charges for different kinds of risk within a
series of modules (e.g. for market risk, counterparty default risk, life
underwriting risk, non-life underwriting risk and health insurance risk)
Within each module, capital charges are calculated with respect to funda-
mental risk factors (e.g. within market risk are interest-rate/equity/credit-
spread risk). Capital charges are calculated by considering stress scenarios

© QRM Tutorial Section 1.3.2

 on the value of net assets (assets − liabilities). The stress scenarios are
intended to represent 1 in 200 year events (i.e. annual 0.5% probability).
The capital charges for each risk factor are aggregated to obtain the
module risk charge. Again a set of correlations is used to express the
regulatory view of dependencies between the fundamental risk factors.
The risk charges arising from these modules are aggregated to obtain
the SCR using a formula that involves a set of prescribed correlations.

Internal model approach.

On regulatory approval, firms can develop an internal model for the
financial and underwriting risk factors.
An internal model often takes the form of a so-called economic scenario
generator (ESG) in which risk-factor scenarios for a one-year period are
randomly generated and applied to determine the SCR.

© QRM Tutorial Section 1.3.2

ORSA (Own risk and solvency assessment)
ORSA = Entirety of processes and procedures to identify, assess, monitor,
manage, and report short and long term risks a (re)insurance company
may face and to determine the own funds necessary to ensure the
company’s solvency at all times.
ORSA (Pillar 2) is different from capital calcuations (Pillar 1):
◮ ORSA refers to a process (and not just an exercise in regulatory
compliance);
◮ Each firm’s ORSA is its own process and likely to be unique (not
bound by a common set of rules such as the standard-formula ap-
proach in Pillar 1; even firms using internal models under Pillar 1 are
bound to similar constraints).
◮ ORSA goes beyond the one-year time horizon (which is a limitation
of Pillar 1); e.g. for life insurance.

© QRM Tutorial Section 1.3.2

1.3.3 Criticism of regulatory frameworks
Benefits of regulation: Customer protection, responsible corporate gov-
ernance, fair and comparable accounting rules, transparent information
on risk, (more) capital and (higher) solvency for shareholders etc.
The following aspects have raised criticsm:
◮ Costs and complexity for setting up and maintaining a sound risk
management system compliant with present regulations (PRA: in
the UK, Solvency II compliance costs at least £3 billion. Regulation
becomes more and more complex.
◮ Endogenous risk: Regulation may amplify shocks. It can lead to
risk-management herding (institutions all run for the same exit by
following the same (perhaps VaR-based) rules in times of crisis and
thus further destabilize the whole system).

© QRM Tutorial Section 1.3.3

 ◮ Market-consistent valuation (at the core of the Basel rules for the
trading book and Solvency II) implies that capital requirements are
closely coupled to volatile financial markets.
◮ Highly quantitative nature of regulation: Extensive use of mathemat-
ical and statistical methods. Lord Turner (2009) (Turner Review of
the global banking crisis):
“The very complexity of the mathematics used to measure and
manage risk, moreover, made it increasingly difficult for top
management and boards to assess and exercise judgement
over the risk being taken. Mathematical sophistication ended
up not containing risk, but providing false assurances that
other prima facie indicators of increasing risk (e.g. rapid credit
extension and balance sheet growth) could be safely ignored.”
◮ Can tighter regulation prevent a crisis such as that of 2007–2009?
Rules are constantly overtaken by financial innovation.
© QRM Tutorial Section 1.3.3
1.4 Why manage financial risk?
1.4.1 A societal view
Society (single customers and as a whole (systemic risk)) relies on the
stability of the banking and insurance system. The regulatory process
(from which Basel II and Solvency II resulted) was motivated by the
desire to prevent insolvency of individual institutions and thus protect
customers (microprudential perspective). The reduction of systemic risk
has become an important secondary focus since the 2007–2009 crisis
(macroprudential perspective).
Most would agree that the protection of customers and the promotion
of financial stability are vital, but it is not always clear whether the two
aims are well aligned (e.g. might be good to let a company go bankrupt
to teach others a lesson).

© QRM Tutorial Section 1.4

 This is related to systemic importance of the company in question (size
and connectivity to other firms). Considering some firms as too big to
fail creates a moral hazard (should be avoided!) since the management
of such a firm may take more risk knowing that it would be bailed out
in a crisis.
Better risk management can reduce the risk of company failure and pro-
tect customers and policyholders. However, regulation must be designed
with care and should not promote herding, procyclical behaviour or other
forms of endogenous risk that could result in a systemic crisis. Individual
firms need to be allowed to fail on occasion, provided customers can be
shielded from the worst consequences through appropriate compensation
schemes.

© QRM Tutorial Section 1.4.1

1.4.2 The shareholder’s view
While individual investors are typically risk averse and should therefore
manage the risk in their portfolios, it is not clear that risk management at
the corporate level (e.g. hedging a foreign-currency exposure or holding
a certain amount of risk capital) increases the value of a corporation
and thus enhances shareholder value. The rationale for this is simple: if
investors have access to perfect capital markets, they can incorporate
RM via their own trading and diversification.
The famous Modigliani–Miller Theorem, which marks the beginning of
modern corporate finance theory, states that, in an ideal world without
taxes, bankruptcy costs and informational asymmetries, and with fric-
tionless and arbitrage-free capital markets, the financial structure of a
firm (thus its RM decisions) is irrelevant for the firm’s value.
In order to find reasons for corporate RM, one has to “turn the Modigliani–
Miller Theorem upside down”:
© QRM Tutorial Section 1.4.2
 ◮ RM can reduce tax costs.
◮ RM can increase the firm value in the presence of bankruptcy costs
(e.g. cost of lawsuits or liquidation costs), as it makes bankruptcy
less likely.
◮ RM can be beneficial, since a company may have better access to
capital markets than individual investors.
◮ RM can reduce the impact of costly external financing.

© QRM Tutorial Section 1.4.2

1.5 Quantitative Risk Management
1.5.1 The Q in QRM
We treat QRM as a quantitative science using the language of mathe-
matics in general, and probability and statistics in particular.
Probability and statistics provide us with a suitable language and with
appropriate concepts for describing financial risks.
We also point out assumptions and limitations of the methodology used.
We should also be aware that the regulatory system needs to be more
aware about the ways in which models can be gamed/misused.
The Q in QRM is an essential part of the RM process. We believe
it remains (if applied correctly and honestly) a part of the solution to
managing risk (not the problem). See also Shreve (2008):
“Don’t blame the quants. Hire good ones instead and listen to
them.”
© QRM Tutorial Section 1.5
1.5.2 The nature of the challenge
Our approach to QRM has two main strands:
◮ Put current practice onto a firmer mathematical ground;
◮ Put together techniques and tools which go beyond current practice
and address some of the deficiencies.
In particular, some of the challenges of QRM are:
◮ Extremes matter. There is the need to address unexpected, abnormal
or extreme outcomes. Lord Turner (2009):
“Price movements during the crisis have often been of a size
whose probability was calculated by models (even using longer
term inputs) to be almost infinitesimally small. This suggests
that the models systematically underestimated the chances
of small probability high impact events . . . it is possible that
financial market movements are inherently characterized by
© QRM Tutorial Section 1.5.2
 fat-tail distributions. VaR models need to be buttressed by
the application of stress test techniques which consider the
impact of extreme movements beyond those which the model
suggests are at all probable.”
◮ Interdependence and concentration of risks. Risk is multivariate in
nature, we are generally interested in some form of aggregate risk
that depends on high-dimensional vectors of underlying risk factors.
A particular concern is the dependence between extreme outcomes,
when many risk factors move against us simultaneously.
◮ The problem of scale. A portfolio may represent the entire position
in risky assets of a financial institution, but calibration of detailed
multivariate models for all risk factors is impossible and hence any
sensible strategy involves dimension reduction (i.e. identification of
key risk drivers/features to be modelled, e.g. correlation in credit risk
models).

© QRM Tutorial Section 1.5.2

 ◮ Interdisciplinarity. Ideas and techniques from several existing quanti-
tative disciplines are drawn together. A combined quantitative skillset
should include concepts, techniques and tools from mathematical
finance, statistics, financial econometrics, financial economics and
actuarial mathematics.
◮ Communication and education. A quantitative risk manager operates
in an environment where additional non-quantitative skills are equally
important (communciation, market practice, institutional details,
humility). A lesson from the 2007–2009 crisis is that improved
education in QRM is essential; from the front office to the back
office to the boardroom, users of models and their outputs need to
be better trained to understand model assumptions and limitations.

© QRM Tutorial Section 1.5.2