Blog

Errors in financial models that banks use on a daily basis could lead to tremendous financial and non-financial losses. It is crucial for banks to understand how they could minimize and manage model risk effectively. In addition, the OCC and the Federal Reserve have recently released new guidelines on model risk management, which will significantly modify their existing model risk management practices.

Antton Barandiaran answered a series of questions written by GFMI before the forthcoming Model

The Wheatley Review of Libor has been published and is carried on the HM treasury website. There are several points worth noting in this initial discussion paper, some of which have been summarised here.

[Click here to continue reading]

Risk Appetite is loosely defined as "the affinity a person has for taking risk when attempting to meet a specific objective".

This concept of risk appetite differs from person to person or business to business and interestingly you will find that a person's risk appetite changes as they age.

In this blog we look at risk appetite; what it is, where it has been used and why it is important.

[ Click here to continue reading ]

Interview with Houman B. Shadab, Associate Professor of Law at New York Law School

Houman B. Shadab is an Associate Professor of Law at New York Law School. He is an internationally recognized expert in financial law and regulation whose research focuses on hedge funds, derivatives, and securitization. Professor Shadab is a director of the Center on Financial Services Law and the Editor-in-Chief of the Journal of Taxation and Regulation of Financial Institutions.

marcus evans had the privilege to

The past 24 months have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Whether these have been natural disasters, such as the Japanese Tsunami or man-made disasters, such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management (ERM) practices.

Although demand for these practices and the discussion level for their use is high inside the C-suite of many corpor

As a risk workshop facilitator I get to assist many organisations assess risk to their key organisational objectives.  Interestingly the outcomes are not always about risk treatments, often they are about reviewing risk appetite.

Situation One:

The results of the risk workshop show that three of five key strategic objectives have Extreme risk ratings.  This may be due to one of two scenarios:  Either you are an organisation that is on the edge of the cliff OR your risk criteria are simply wrong. 

The Dodd-Frank Act and Basel III are going to change the way banks raise, allocate and manage capital. Banks need to prepare for these changes now and develop effective strategies for achieving capital optimization and sustainable return on equity. The GFMI, a marcus evans, Capital Adequacy and Strategy Conference, September 12-14, 2012 in New York, NY, will help banks to understand what the legislation means for capital adequacy, as well as what they need to do to achieve the optimum level of c

Perhaps ten years ago, reporting risk profiles or organisational threats was a challenging thing to do for many risk analysts on the job and while the majority of risk reports were fundamentally ordinary, it became apparent quite quickly that a simple list of hazards was never going to cut it.

In this blog we look at an emerging era of risk reporting.

Click here to continue reading

In the world of risk, analysts and managers alike try to reduce the likelihood of an event occurring by inserting controls between the event's driving factors and its outcome.

Christchurch City Council has just released a blueprint for the future of the city's CBD, entitled the Christchurch Central Recovery Plan. It is bold and imaginative and makes this statement: "we are here and we will be back better than ever before".

I have just returned from meetings with city planners and consultants in Christchurch during which we discussed recovery operations and the challenges they are facing. The planning time frame is years but we all know the implications will be for deca

One of the most concerning trends that continually persists in operational risk management, is the lack of interest from analysts to attempt to quantify this risk exposure coherently.

In this blog we look operational risk from the perspective of the normal and the extreme.

Click here to continue reading

CFAR-m main features (unique algo and features) 

Aggregation is a way to combine several single indicators representing different components (dimensions)
of the same concept to form a single aggregate. The result leads to a single score, called a composite
indicator, which has the ability to summarize a large amount of information in a comprehensible form .
Aggregation requires the determination of a weighting scheme of the different components. This task is
extremely difficult and is one of the c

It just seems the either no one is measuring realized risk exposure numbers for their firms, or mums the word on their findings.  The information that I collect is strongly covered by Non-Disclosure Agreements.  To help with this, I want to start publishing de-identified statistical abstracts.  

I included some of these statistical abstracts in the financial section of a paper published by ANSI.  I am a coauthor on, "The Financial Impact of Breach Health Information, A Business Case for Enhanced

Should we retrofit ISO 31000 to become the umbrella for enterprise risk management?

ISO 31000 has two key issues for integration in the enterprise. The first is an accidental creation of conflict from the ISO standards board, the other is a missed oversight on what is happening on the ground.  

In this blog we take a look at both of these problems [ Click link to continue reading ]

Risk management solutions are not a separate module or product. Instead, they compose an approach that adds value to both top-down and bottom-up activities within the organization.

Risk management is in everyone's job description and ERM is all about how to identify the aspect of risk management in every role and connect the dots automatically using the “Six Degrees of Separation Theory” that I discussed in my last blog to get right to the people who know the risk and are responsible for the risk

Douglas Hubbard, in his book "The Failure of Risk Management", claims that risk management failed us in the lead up to the GFC because of flawed risk models, the use of qualitative risk assessment through the use of risk matrices or both. He contends that anything can be measured and that we should be measuring.

The case for quantification
There is no doubt in my mind that quantification is better than using our best judgement because our minds are at the mercy of our psychological biases. A coup

Effective governance requires changes in the way risks are managed across "stove-pipes" or "business silos". More often than not, when loss events occur it becomes clear after the fact that different silos were holding onto different pieces of the risk puzzle but no one could put the pieces together. So the problem is how to identify risk? 

Many risk managers are so bogged down by loss event capture and incident management, that being able to focus on preventing loss events and identifying emergi

We define risk as "the effect of uncertainty on objectives" (ISO 31000), however how often do we stop and ask if we have the right objectives in the first place? On what basis were they formed? When were they developed? Have times changed? In my experience facilitating risk workshops, often a poor or even incorrect set of objectives is the "elephant in the room" for the management team. Here are some tips for ensuring you have the right objectives:

 Stakeholder Analysis - Identify your stakeholde

The problems with risk models, a Bank of England speech on why financial models are broken and the general evolution of risk management.

Over the last few months, risk models have come under the spotlight as a potential reason why risk management, as an entire institutional function, is failing.