applied business statistics case studies introduction to risk management concepts n.
Skip this Video
Download Presentation
Applied Business Statistics Case studies Introduction to risk management concepts

Loading in 2 Seconds...

play fullscreen
1 / 20

Applied Business Statistics Case studies Introduction to risk management concepts - PowerPoint PPT Presentation

  • Uploaded on

Applied Business Statistics Case studies Introduction to risk management concepts. Mauro Bufano Risk Management – Banca Mediolanum Spa. Risk Management: what is it? .

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Applied Business Statistics Case studies Introduction to risk management concepts' - lottie

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
applied business statistics case studies introduction to risk management concepts

Applied Business StatisticsCase studiesIntroduction to risk management concepts

Mauro Bufano

Risk Management – Banca Mediolanum Spa

risk management what is it
Risk Management: what is it?
  • Risk management can be considered the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities1.
  • It’s therefore not a mere quantification of risk, but rather a complex and integrated process within a company and its stakeholders
  • The ultimate goal of risk management is not just to fix limits to the business units, but to create value through competitive advantages!
  • It should not be a collection of standardized rules taken from outside (e.g. a regulator), but a cultureembedded in a firm

1: Douglas Hubbard "The Failure of Risk Management: Why It's Broken and How to Fix It" pg. 46, John Wiley & Sons, 2009

why companies need it
Why companies need it?
  • All firms (even the smallest) operate in an uncertain environment, in which a growing competition forces them to react quickly and to take decisions in short terms
  • Moreover, an always increasing types of risks affect companies in a way that is obviously impossible (or economically inconvenient) to be immune by all unfortunate events
why companies need it1
Why companies need it?
  • It’s therefore necessary to individuate relevant risks, estimate potential unexpected losses (within a certain degree of reasonability) and take decisions to manage/reduce them
  • Example of possible actions:
    • Reduce exposure to risk in a particular business unit
    • Raise capital in order to cover unexpected losses
    • Buy an insurance (in the financial industry we have derivative products)

An efficient risk management process is therefore crucial in the life of a firm!

the risk management process
The risk management process
  • Risk identification and assessment
  • Relevance analysis
  • Risk measurement and quantification of potential losses
  • The fixing of risk limits
  • Risk reporting
  • Risk mitigation or risk management
risk identification and assessment
Risk identification and assessment
  • The first step in the risk management process is the identification of the main risks run by the firm
  • It involves generally several business units and should be assessed at a bottom level in the firm’s hierarchy, monitoring all procedure and operations that could cause an economic loss
  • In this step the firm should take into account also risks that could apparently seem inexistent or intangible (e.g. reputation risks)
relevance analysis
Relevance analysis
  • Once the main risks have been identified, a company need to fix priorities among them, by defining a relevance classification among them
  • Relevant risks should be measured and monitored constantly, with a periodical reporting to the top management that should help it in decision-taking process
relevance analysis1
Relevance analysis

Relevance analysis: an example




Not relevant




Monitored, but not reported


Monitored and reported weekly, with risk limits

Potential losses

Monitored and reported yearly, no risk limits

>=15% of net assets

< 15% of net assets

risk measurement and quantification
Risk measurement and quantification
  • It’s sometimes considered the risk management itself, but it’s just a step into a more complex process
  • It generally involves statistical techniques adopted to generate a distribution of potential future losses
  • N.B.: the adoption of a statistical model involves the choice of the assumptions behind it !! (e.g. the Gaussian distribution generally underestimate extreme events!)
risk measurement an example of wrong prediction
Risk measurement: an example of wrong prediction

The chart above shows the movements of the Index of European credit default swaps (insurance against default of a company).

Using historical or parametric analysis in June 2007, the movements happened in august 2007 should have occurred not even in the entire age of the universe!2 (approx. 25 sigma events)

2See also Haldane, A. G., “Why banks failed the stress test”, Bank of England, February 2009

risk measurement
Risk measurement

Given that, how should we take into account extreme events like these?

  • Stress testing: when we have a statistical model (e.g. a regression) an example of stress test could result in a shock on the explanatory variables (e.g. suddenly increase of interest rates of 3%)
  • Scenario analysis: it’s also useful to simulate (or reply, if we have historical data) some scenarios that could have a big impact in terms of losses. Examples
    • Terrorist attacks (9/11/2001)
    • The Great Depression (’30s)
    • Oil shock (1973-74)
    • Stock market crashes (1987 or 2008)
the fixing of risk limits
The fixing of risk limits

Once the risks are estimated and quantified, it’s necessary to fix risk limits for every risk and for every business unit interestedin order to monitor and signal to the top management an eventual overstep

How to fix risk limits?

  • They should depend on the risk appetite of the company on that particular business
  • Generally, the limits should be chosen by the top management (advised by the risk management unit)
  • Again, it should take into account not only the current situation, but also stress tests and dangerous scenarios, together with the future evolution of that business (strategic plans)
risk reporting
Risk reporting

One of the main activities of the risk management unit is the production of reports to the top management, in which risks are quantified

The periodicity of reports depends on the nature of the risk and of the business. Examples

  • Trading desk – market risk: daily
  • Residential mortgages – credit risk: monthly or quarterly
  • Real estate – market risk: semi-annual or yearly

N.B. Risk reports must be as clear as possible, because they must be instruments for the top management to take important and quick decisions!

risk report an example
Risk report – an example
  • As we can see, different business units have different risk limits, due to their importance in a firm
  • Oversteps are signalled in two different ways
    • If it’s less than 20% beyond the limits, it must be signalled (and eventually authorized) by the director of that business – it’s considered a contingent problem
    • If it’s more than 20% beyond the limits, it must be signalled (and eventually authorized) by the Board of Directors – it’s a priority that could eventually impact on the entire company!
risk mitigation risk management
Risk mitigation & risk management
  • The final goal of risk management is therefore the awareness of the risks taken by the company and the actions that top management has to take to mitigate or manage them (see slide 4)
  • Risk mitigations must not be only at the end of the risk management process, but rather have to be planned in strategic plans (or e.g., at the presentation of the yearly financial statement)
an introduction to risk measures
An introduction to risk measures
  • Generally, risk measures can be divided into two groups, that generate different actions to be taken to cover relative losses:
    • Expected losses: they generally represent losses that are experienced on average conditions, or given the current situation
    • Unexpected losses: they represent losses that occur in particular bad events (e.g. once every 20 years) or that are associated to stress tests / extreme scenarios. They take place in the right tail of the losses distribution
loss distribution an example
Loss distribution: an example

The histogram chart shows a simulated loss distribution (in terms of millions €). A common risk management practice (particularly used in credit risk) is to consider average losses (or expected losses) a “cost” to be budgeted periodically (e.g. yearly), while unexpected losses are by their nature an extreme event, and have to be covered with capital

a common risk measure
A common risk measure

One of the most used risk measures in finance is Value at Risk (VaR): it expresses the maximum loss that a portfolio of asset can experience with a given confidence level and within a given time

It’s widely used in financial reporting to monitor market risk, but it’s also starting to be used to measure credit risk (e.g. a pool of mortgage loans)

Its importance is also recognized by the regulators (e.g. the Bank of Italy), being one of the parameters used to work out minimum capital requirements

value at risk introduction
Value at Risk - introduction

In defining Value at Risk, we must choose

  • The typology: historical, parametric or Monte Carlo
  • The time horizon – it depends on the nature of the risk
    • Short for market risk (e.g. 1 day or 2 weeks)
    • Longer for credit risk (e.g. 1 year)
  • The confidence level – it depends on the nature of the risk and on the risk appetite of a bank
    • Generally 99% for market risk
    • Higher for credit risk (99,9% or above)
  • Douglas Hubbard "The Failure of Risk Management: Why It's Broken and How to Fix It" pg. 46, John Wiley & Sons, 2009
  • Haldane, A. G., “Why banks failed the stress test”, Bank of England, February 2009
  • Resti, A. and Sironi, A., “Risk Management and Shareholders’ Value in Banking”