Live from RiskMinds International, we take a look at two key emerging trends that are sure to change the game for the banking sector and other industries.
As Donald Rumsfeld famously said, we have to deal with “known knowns”, “known unknowns” and “unknowns unknowns”.
“Most people smile wryly when you repeat that quote,” stated Michael Grimwade, Head of Operational Risk at ICBC Standard Bank, at the start of his session on operational risk at Risk Minds International 2018 in Amsterdam. “But actually it’s quite insightful, because if you start to try and quantify remote and emerging operational risks it’s really quite similar. We are never going to have perfect knowledge, but we should utilise the knowledge that we have got.”
How do we identify emerging risk?
In order to identify risk, we need to employ four approaches, said Grimwade.
Firstly, there are the things that we know – populations are getting older, the climate is getting warmer. Secondly, history repeats itself – the litigation that followed the dotcom bust was repeated after the bursting of the mortgage market bubble; thirdly, there are patterns – misconduct in one jurisdiction will probably apply to another; and lastly, trend is a friend – extrapolate the trends you can see.
“You should apply six different characteristics to each of these,” suggested Grimwade: “Environment, politics, economics, society, tech and regulation. You will find that there are domino effects and feedback loops between them – the increased use of social media leads to increased cyber crime, for instance.
“You also need to consider the timescale – is the emerging risk transient (Brexit) or with us long term (cyber crime) – and how it translates into specific operational risks. For instance, an ageing population can lead to more conduct risk. It’s a customer base that is asset rich, cash poor and it needs a financial product to unlock that.
How to quantify and validate emerging risk
If you are trying to quantify risks in terms of likely impact, you need to understand what the underlying driver of the event is, in order to come up with appropriate techniques.
Expert judgement, anonymous voting, Delphi and industry frequencies were all valid ways of quantifying operational risk.
As was fault tree analysis, where you try and establish the likelihood of each of the individual steps on the pathway to a loss to reach the overall conclusion.
This type of technique gives you better estimates than a room full of people, and it’s more defendable to regulators.
But it needs validation.
Approaches to validation include back-testing individual scenarios against internal and external loss events and insurance policies; back-testing the portfolio of scenarios against historical data; and back-testing against models.
Key emerging risks
Among the emerging risks to consider were cyber crime, especially data theft, and IT risks, especially in relation to algorithms, said Grimwade.
“The key thing about this is that the rate of loss is measured in minutes, so the speed of the response has to be of an order of magnitude faster than managing humans.”
With AI and machine learning on the rise, he continued, the issues concerning incorrect decisions it might make, such as giving loans to customers it shouldn’t have, are also growing.
There have been three eras of operational risk, concluded Grimwade.
“The 1990s was a period of idiosyncratic risk – infamous rogue traders; in the noughties it was conduct risk losses, driven in part by economic cycles; and now we are moving into a third era – what will drive operational risk in the future is cyber crime and IT related risks.
“The operational risk function needs to change, it needs to acquire the skills to cope and be able to implement a very fast response.”
We are also moving into a world where climate change is a much more prevalent issue.
“If I had been here talking about climate 10 years ago I would have not been invited to an event like this, a step change in our thinking,” said Gaurav Ganguly, Head, Group Risk Economics at HSBC. “It’s now very much incorporated into financial risk management.
The challenge of climate change risk, explained Ganguly, is that we are facing something quite unprecedented and we are trying to understand how it will filter through the financial system but we have nothing to guide us.
Climate change mitigation and transition
Climate science talks about two responses to climate change, he explained.
Firstly, mitigation to prevent further increases in greenhouse gas emissions. “You could argue that the pathway is clear, but it’s easier said than done. There is an economic problem in that we are all aware that climate represents a huge externality. The price of the goods we consume does not take into account the cost of emissions, so the costs have to be absorbed into another part of the system.”
Alongside that, he added, there is a global coordination problem: goods are consumed locally but the problem is global.
Secondly, there are thetransition risks. “For instance, if we do decarbonise, will we just be moving from one equilibrium to another?”
The key risks from climate change are physical ones and they arise from weather-related disruption, he explained.
“When we think about bankable assets and economic activity, this physical risk will not manifest equally – the most immediate affects will be felt in sub-tropical and tropical areas, and a large number of those countries will be less able to cope.”
There was also a huge interdependency between transition and physical risk: “If we don’t start the transition to lower carbon emissions now, then we would have little implication on the financial system today, because we are largely configured for fossil fuels, but it might store up bigger physical risks in the future.”
Understanding climate change to manage risk
Whilst Ganguly said that we probably didn’t need an entirely different framework to manage this emerging risk – we can lean on ERM to examine a wide variety of risk and climate is one of them – the key difference was that climate risk is pervasive.
“One of the tools we can use is scenario analysis,” he suggested. “It’s a powerful tool for understanding climate risk. But we need to be alive to the fact that climate risk has so much uncertainty, and it won’t be possible to create a single scenario, it’s a dynamic debate.”
We need to challenge ourselves and develop different ways of thinking, he stated.
“We need to think about climate as a stressor on existing vulnerabilities. The abrupt transition to non-fossil fuels could have massive implications for sovereigns that rely on revenues, and that in turn has implications for sovereign sustainability. The longer-term effects of the hollowing out of the economic activity in one part of the world could promote migration and affecting geopolitical risk in another part of the world.
There were more questions than there were answers, admitted Ganguly, but there were certain things he was sure of:
“It’s important to start thinking about climate risk and mapping it to your portfolio now. It’s important to think about engaging with policy makers at a national and supra national level to understand the impending speed and scale of climate transition, and it’s important to become actively involved in cross-disciplinary interaction.”