On Enterprise Risks

Here are some nice observations on risk. 

Risk in the case of the meltdown of the balance sheets of the world’s most important financial institutions is quite different than the type of risk that financial institutions and insurance agencies were used to dealing with. What characterizes what we might term “normal risk” are three things: it is exogenous, stationary and uncorrelated.  

Although non-standard risks are difficult to plan for and manage, we must do so nonetheless. Risk models that breakdown when risks are endogenous, moving, or correlated is like building a car whose seat belts when the driver falls asleep, or whose car bag fails over 10Mph.

Transparency is a core issue. Risks cannot be managed if they cannot be measured. If government is to become the insurer of last resort, then it has the right (and obligation) to ensure transparency of the markets. The CDO and DSO markets are very opaque, to the benefit of nobody except a small handful of inside players.

If ERM is limited to risks that are exogenous, stationary, and uncorrelated, then I wonder whether we need to begin applying principles of BCP to ERM, particularly the need to identify and plan for the “worst case scenario”, which will help identify systemic risks which cannot be identified with traditional methods.