Exchange Ideas

The interactions between risk management and technology

Focus both on technology developments that can help improve risk management, but also on other aspects such as operational and potentially strategic risks caused by advances in technology

 

« Utilizing Technology to improve TARP and Financial Oversight | Main | Systemic Risk and Macro-prudential Regulation »

October 01, 2009

Lessons from the Current Crisis

Last week I attended a PRMIA lecture series where we were treated to a fascinating presentation by David Rowe, EVP for Risk Management at Sungard. Entitled "Lessons for Financial Risk Management from the Current Crisis",  he presented 5 crucial lessons that we must learn from the debacle of the past few years. Concise and well-presented, the presentation and subsequent panel discussion got me thinking about the technology implications of these lessons.

The 5 points Dave made were:

  1. Statistical Entropy: Taking a cue from thermodynamics, data cannot be created, only used. In other words, trying to generate risk metrics from data that does not exist is monumental folly comparable to medieval alchemists trying to turn lead into gold.

  2. Structural Imagination: This can be pithily summarized as "thinking outside the box". Use imagination to look for predictors that are not being scrutinized.

  3. Self-Referential Feedback: In engineering terms, this points to the dangers of positive feedback loops. Both up- and down-moves can be highly exacerbated by such effects leading to larger than anticipated risk.

  4. Complexity and Dark Risk: Beware of complexity in products and market structure for its own sake. The more complex a situation, the more reason to mistrust risk numbers that purport to inform on it.

  5. Alternate Means of Valuation: Simply put, every model must have a Plan B.
The point about statistical entropy seems obvious, but is my pet candidate for the single biggest contributor to crisis. When one considers that the whole market in higher-order structured mortgage securities (such as CDOs) only came into being during past decade's unabated bull market, it should have been obvious that their ratings were promising more than they could deliver. There simply was not enough historical data to properly calculate their risk under truly adverse conditions. Market practitioners, on the other hand, cheerfully went about ignoring this basic law and creating models that were mostly based on a wing and a prayer.

What also caught the attention of the physics student in me was the economic equivalent of the laws of thermodynamics - not only is risk modeling at best a zero-sum game when it comes to data, but you can't even expect to break even. There is always some residual chaos in data. Therefore it pays off to reduce this data and technology entropy as much as possible since that's all we have.

I have alluded to the needs for technology to support structural imagination in a previous posting. Most data and business intelligence infrastructure environments are currently too fragile or inflexible to support this sort of blue-sky thinking. Make it difficult to think outside-the-box and organizational inertia will ensure that structural imagination is simply banished from the corporate firmament.

The point about complexity has gotten me thinking quite a bit about how to measure it. There has been some research in the space of software architecture to this effect - is it possible to adapt some of this research to come up with a "complexity index" for products or market structure? if we could come up with a measure, presumably we could require that ratings (both internal to a firm and those generated by ratings agencies) come with the complexity index attached which can tell the user how much to rely on a risk rating. Look for more on this subject - seems like a fruitful area of thought.

The last point on alternative means of valuation is perhaps the simplest, and in my mind, the most unforgivable. There in fact is a simple alternative means of valuing complex mortgage securities. If all the mortgages that belonged to a security were precisely known (along with their weights, and the terms and conditions of the security itself) it would be a relatively simple issue to create a model that could calculate the value of the security under different conditions of mortgage default and recovery rates. That this currently seems impossible is a telling commentary on the irresponsibility of the markets - critical issues of data integrity and sharing was not given adequate attention. At the end of the day it's simply the case of paying attention to proper management of reference data and metadata. Seems to me that no matter how difficult the data management problem is, it could have been solved for the hundreds of billions that have been written down in this debacle. For further detail on this subject - see Charles Smithson's many articles.

The more I study the subject and talk to leading thinkers on the matter, the more I'm convinced that giving technology the short-shrift has been one of the biggest contributors to our current sorry state. Yet I see only hesitant steps being taken in the large Financial Institutions which would be the biggest beneficiaries. Hard to pinpoint the reasons, but you can be sure this question will occupy my musings in posts to come.

Agree with my sentiments? Disagree? Any and all comments and criticisms welcomed.

"“It is better to debate a question without settling it than to settle a question without debating it.” - Joseph Joubert

Posted by dkrishna at October 1, 2009 12:13 PM

Comments

Defining complexity is a very challengine task. With my experience of both large and small software projects, I have come to some conclusions. May be these can be debated and applied to financial risks as well.

Randomness and size are two elements that cause complexity. If a program P1 handles more random variables than program P2, then P1 is more complex than P2. Thus, an operating system that handles all kinds of input and output devices is necessarily more complex than a business application which caters to less.
Second type of complexity is by size. A bigger program is more complex than a smaller one. I have never fully grasped why.
By analogy, any financial instrument with more random variables will be more complex than one with less random variables. These variables could be explicit or implicit. Secondly, a large position on a single instrument is a complex position as opposed to a smaller one.

Technology has never been used and used well for risk management is my firm belief. There are any number of examples that are available. Ultimately risk management has not used advances in technology to any good effect (whereas trading has!!!)

Posted by: D N Prahlad at October 6, 2009 07:37 AM

Post a comment




Remember Me?

(you may use HTML tags for style)