RiskBlog


Risk Blog, a risk assessment and management information blog.
Providing a daily dose of news and features from the world of the business risk, forecasting, and risk industry for both the consumer and risk professional.

The Rotman School / The Risk Issue / Spring 2007


The Rotman School has set out to redesign business education for the 21st century and become one of the world's top-tier business schools. The School is developing an innovative curriculum built around Integrative Thinking™ and Business Design™.

Underestimating the Risk of the Status Quo
Canadian firms are profoundly influenced by our capital markets’ narrow definition of ‘risky behaviour,’ and the unfortunate result is a dearth of globally-competitive companies.
Countering the Biggest Risk of All
How to anticipate and manage strategic threats systematically – and in the process, turn some of them into growth opportunities.
Bounded Awareness
People tend to overestimate their own awareness and underestimate its bounds. As a result, they often overlook information that is crucial to making successful decisions.
How Private Action Can Reduce Public Vulnerability
Risk expert Erwann Michel-Kerjan explains how our increasing interconnectedness breeds risk, and why the private sector must take a leadership role in assuring a safer environment.
Hull’s Laws: What We Can Learn from Derivatives Mishaps
High profile losses have made people wary of derivatives, which is unfortunate, because they can provide a very efficient way to manage risks.
A Primer on the Management of Risk and Uncertainty
Effective risk management involves preparing for ‘known unknowns’ and ‘unknown unknowns.’ Here’s how to get started.
Dancing with Strangers
While maintaining ties with ‘safe’ past partners stabilizes inter-organizational networks, non-local ties with ‘strangers’ can sow the seeds of network change and innovation.
Achieving Optimal Agreements
Focusing on promoting success rather than preventing failures is a powerful tool for achieving one’s goals at the bargaining table.
Embracing Risk to Learn, Grow and Innovate
In the world of ‘design thinking,’ acknowledging risk is the first step towards taking action, and with action comes insight, evidence and real options.


Risk: Epistemology and Risk Management

Risk management is a serious business. Accordingly, the production of a risk “measure” must be subjected to the question “how do you know what you claim to know” – in other words, epistemology. Claims regarding risk cannot be made without any rigorously established supervision of their validity. There is a need for skeptical inquiries concerning how a risk measure was obtained and how an opinion was formed. The fields of economics, finance, and insurance, in spite of their reliance on mathematics, have so far produced unreliable risk measures, particularly with the highly quantitative Modern Portfolio Theory. Very little check has been made on the theoretical and practical fitness of the assertions by the researchers and practitioners. Further, the discipline of statistics, with its confirmatory orientation, falls severely prey to the problem of induction – where proof of one level of probability is assumed to be proof of another.

Now, if the field of risk studies and quantitative risk management lacks adequate supervision, the field of mainstream epistemology itself provides no help for a decision maker under uncertainty (we tried!).

[ PDF ] view document » fooledbyrandomness.com

Beyond Fear: The Psychology of Security

Security is both a feeling and a reality. And they're not the same.

Most of the time, when the perception of security doesn't match the reality of security, it's because the perception of the risk doesn't match the reality of the risk. We worry about the wrong things: paying too much attention to minor risks and not enough attention to major ones. We don't correctly assess the magnitude of different risks. A lot of this can be chalked up to bad information or bad mathematics, but there are some general pathologies that come up over and over again.

  • People exaggerate spectacular but rare risks and downplay common risks.
  • People have trouble estimating risks for anything not exactly like their normal situation.
  • Personified risks are perceived to be greater than anonymous risks.
  • People underestimate risks they willingly take and overestimate risks in situations they can't control.
  • Last, people overestimate risks that are being talked about and remain an object of public scrutiny.

[ PDF ] view document » schneier.com

Institute of Risk Management

A change of guard at the Institute of Risk Management where Cary Depel, a former deputy chairman at the UK-based training body, becomes chairman, replacing Mike Walker. Depel is legal and compliance director for IFX Markets and a director of City Index, financial services companies operating in the retail derivatives market.


The OTC explosion. Nowhere is it easier to be blase about big numbers than in the market for over-the-counter derivatives.

Yet the numbers released by the Bank for International Settlements this morning, charting OTC derivative activity during the first half of this year, still manage to boggle. Notional amounts covering all contract types "expanded at a brisk pace" -- up from $297,670,000,000,000 to $369,906,000,000,000 in the period. They must have big calculators in Basel.

Lest we all drown in a sea of zeros, however, the BIS points us in the direction of gross market values, which measure the cost of replacing all existing contracts. This is seen as representing a better measure of market risk at any given point in time. The numbers here are much more manageable. Such values, which net off exposures between counterparties, expanded from $9,749,000,000,000 to $10,074,000,000,000 during the first six months. Huh. In OTC land that must look like the overall market is in danger of going ex-growth.

» Alphaville

Study: The controversial practice of backdating stock options went hand-in-hand with poor corporate governance practices and overbearing chief executives.

The research by three academics is the first to suggest a link between lax internal controls and stock options backdating. The scandal has so far engulfed more than 130 US companies in internal and regulatory probes but the study suggests that number could climb to 720.

» FT.com

DTCC launches Trade Information Warehouse for OTC derivatives processing.

The Depository Trust and Clearing Corporation has announced the formal launch of its Trade Information Warehouse, designed to reduce risk and automate post-trade processes in the over-the-counter derivatives markets.

The launch of the initiative follows a ten-month collaborative effort between the DTCC and 19 sell-side and buy-side firms. The utility is designed to take trades submitted over the DTCC's existing Deriv/Serv platform and provide a central support infrastructure to automate and standardise post-trade processes such as payments, notional adjustments and contract term changes.

The DTCC claims that 80% of credit derivatives traded globally are electronically confirmed through Deriv/Serv, up from 15% in 2004.

» Wires

EBS and Reuters launch a new benchmark page for spot FX price fixings to provide reference rates twice a day.

Reuters EBS Spot Fixing shows spot FX price fixings for 11 currency pairs, and will publish daily at 11:00 and 16:00 London time.

The Bank of England currently publishes the page . This displays spot market fixings, used as the reference rates in International Swaps and Derivatives Association (ISDA) agreements for the swaps market, and by FX dealers for customer compliance and transactions. This fixing will no longer be priced from 18 December 2006.

EBS and Reuters were asked by the Bank of England's FX Joint Standing Committee to provide 'Reuters EBS Spot Fixing' as a substitute page that accurately reflects the spot market prices at the time of the fixing.

» Wires

Zions selects Infosys credit risk management solutions for Basel II

In an effort to enhance the delivery of its credit risk management systems and strengthen compliance with Basel II regulations, Zions Bancorporation (NASDAQ:ZION), one of the nation's premier financial services companies, is implementing Infosys Technologies' (NASDAQ:INFY) Credit Risk Management solutions delivered by its unique Global Delivery Model. The agreement provides Zions' loan officers an end-to-end web execution of Zions' existing risk rating models that supports a more strategic approach to financial risk management.

» BusinessWire

First Niagara Risk Management Plans to Acquire Gernold Agency

First Niagara Risk Management, Inc., the wholly-owned insurance subsidiary of First Niagara Bank, announced today that it intends to acquire Gernold Agency, Inc., an Orchard Park-based insurance agency specializing in alternative risk management solutions for larger businesses. Following the completion of the transaction, Gernold Agency will merge into First Niagara Risk Management.

» fnfg.com

SAAD Group will use RiskMetrics' RiskManager system to provide enterprise-wide risk analysis and reporting.

RiskMetrics Group's products will give SAAD Group full transparency of financial risk plus sophisticated pre-trade analysis and stress testing functionality for existing and potential future investments.


Algorithmic trading to take majority share in 2010

More than half of all equities trading in the US will be done using algorithmic dealing systems by the end of 2010, according to Boston-based research consultancy Aite Group.

Aite says algorithmic trading has hit the mainstream in the US equities market and is increasingly becoming the execution tool of choice for both the sell-side and the buy-side traders.

At the end of 2006 the share of algorithmic trading will approach one-third of total US equities trading volume, says Aite, but this will rise to 53% by the end of 2010.

» aitegroup.com

Risk Management Seminar

What: Will provide tools to improve your risk management efforts
Who: Technology Executives Club
Where: 410 Club, 410 N. Michigan Ave., Chicago
When: Nov. 15
Time: 1 p.m.
Cost: $95 to $150
Contact: Jennifer Prince, 847-837-3900, Ext. 4

» Crains Chicago Business Events Calendar

Bear Stearns Introduces BearXplorer Tools to Manage Risk and Optimize Portfolio Performance

Bear Stearns today introduced BearXplorer, four sophisticated, securities-based portfolio tools. BearXplorer is designed to help chief investment officers, portfolio managers, risk managers, traders and others manage risk and optimize stock portfolios. BearXplorer covers over 14,000 securities in 23 countries. The tools screen portfolios for exposure to over 60 stock market drivers, such as commodity prices, interest rates, exchange rates and economic indicators.

"BearXplorer gives portfolio managers an instant snapshot of how their investments stack up against the latest market-moving news, like an unexpected drop in jobless claims or a sudden run-up in gold," said Kay Booth, president of BearXplorer. "BearXplorer is easy to use and can help investors adjust their portfolios ahead of big market events or as trends develop."

» bearxplorer.com

TwoFour adds VCV VaR calculation support

TwoFour Systems, a leading provider of global financial transaction processing systems, today announced the addition of Variance-Covariance Value at Risk (VCV VaR) calculation support in its comprehensive, cross-product TwoFour trading platform.

» TwoFour Systems

[PDF] A New Framework for Analyzing and Managing Macrofinancial Risks of An Economy

The vulnerability of a national economy to volatility in the global markets for credit, currencies, commodities, and other assets has become a central concern of policymakers, credit analysts, and investors everywhere. This paper describes a new framework for analyzing a country's exposure to macroeconomic risks based on the theory and practice of contingent claims analysis. (A contingent claim is any financial asset for which future payoff depends on the value of another asset.) In this framework, the sectors of a national economy are viewed as interconnected portfolios of assets, liabilities, and guarantees that can be analyzed like puts and calls. The framework makes it transparent how risks are transferred across sectors, and how they can accumulate in the balance sheet of the public sector and ultimately lead to a default by the government. Key concepts include:

  • The high cost of international economic and financial crises highlights the need for a comprehensive framework to assess the robustness of countries' economic and financial systems.
  • Contingent claims analysis provides a natural framework for analysis of mismatches between an entity's assets and liabilities, such as currency and maturity mismatches on balance sheets.
  • Policies or actions that reduce these mismatches will help reduce risk and vulnerability.
  • This framework is useful to both the public and private sectors.

» [PDF] HBS Working Knowledge

Operational Risk and Resiliency Frameworks

A tale of five risk management characters and how they fit into your organization.

Whether isolated within a unique risk category or ignored by the others, the banker remains in a more remote risk world than that of the cop, nerd, soldier and mandarin, who increasingly overlap and combine their skills into a broad-based "operational risk" category. Is this the "real" risk categorization that enterprises must consider? Financial and Operational? These two will probably never come together under a single standard or detailed and specific methodology, but they will run parallel through the enterprise and converge at the Board level. Financial risk and operational risk may always be different disciplines; the tools will be used by different people with different skills, but both are required to assess and manage the enterprise risks. Possibly as important is that the financing of enterprises under the Basel II Capital accord (effective in 2008 in the United States) will require operational risk management skills in addition to traditional financial risk management skills.

» csoonline.com

Suite upgrades analytics library to version 2.4.5

Suite, a provider of analytics and trading tools for interest rate and credit derivatives, is pleased to announce the release of Version 2.4.5 of its ALib analytic library. The upgrade is being delivered to Suite's global client base, which includes hedge funds, derivatives dealers, administrators, e-trading platforms and information providers that rely on the library for mission-critical pricing, valuation and risk management.


ACI upgrades Proactive Risk Manager package

ACI Worldwide (NASDAQ:TSAI) announced the launch of ACI Proactive Risk Manager Release 7.1, its risk management solution that helps organisations prevent and reduce losses associated with payments fraud. Proactive Risk Manager enables risk operations to highlight, stop and manage fraudulent or suspicious activity, in both real-time and near real-time, through the combination of expertly defined rules and a custom-designed neural network model.


European VC coming of age?

Has the European venture capital industry graduated to a new phase in its development, wonders VC Ratings? A new study from VentureOne and Ernst & Young European shows European venture capitalists are putting more money into fewer companies - moving away from the risk averse trap of putting a small amount into many companies leaving a multitude of start-ups unable to grow and compete on a substantial scale.

» Alphaville

Lloyds TSB implements Ortec's pension risk assessment software

Lloyds TSB Group plc (LTSB) has successfully implemented the Asset Liability Management software for Pension Funds (PALM) from ORTEC.

The software enables the Group to conduct comprehensive risk analyses of its employee pension schemes. These risk analyses will be used for corporate pension risk assessment and to support the schemes and LTSB in formulating effective long-term investment strategies.

LTSB had licensed the system earlier this year after a thorough evaluation of the available ALM systems. The Group was looking for a supplier offering extensive market risk and inflation modelling expertise. ORTEC offered its solution in co-operation with Cardano Risk Management, a partner of ORTEC in the field of strategic use of liability driven derivatives solutions in ALM. Together, they meet LTSB's requirements best.

» Finextra

The Risk Intelligent Enterprise: The Rewards of Risk

From the boardroom to the classroom to the newsroom, enterprise risk management (ERM) is a hot topic. Yet despite this widespread awareness, a standard definition of ERM remains elusive, and the range of practices falling loosely under the heading of ERM is vast and growing.

[mp3] Download / via: Deloitte Insights Podcast

Resources for the Risk Intelligent Enterprise

The most successful companies recognize that risk is part of doing business and that it can be managed with positive results. Deloitte & Touche LLP's enterprise risk management (ERM) practices can help you tackle the risks that surround security, Sarbanes-Oxley compliance, technology, tax, the global economy, fraud, financial issues, operations and more. Learn to identify and manage your potential risk.

via: Deloitte & Touche USA LLP

Risk Appetite

Investors in public companies have lost out in this golden age for risk-takers, says Lex, while others have seized the day. Debt is cheap and corporate America awash with cash but with an economic slowdown looming, now is not the time for CFOs to start aping financial sponsors. But a Morgan Stanley survey finds that M&A is now ranked first when it comes to intended use of capital, up from seventh last year. Distressed at having given private equity its opening, the risk of a more aggressive stance from companies is rising.

via: Alphaville

The Risk Intelligent Enterprise: Enterprise Risk Management for the Energy Industry

“The Risk Intelligent Enterprise: ERM for the Energy Industry” details what all companies can learn from the Energy industry’s experience with enterprise risk management (ERM). This white paper points out that traditional risk management may have served well in the past, but the scope, complexity and interdependencies of emerging risks are compelling many companies to adopt comprehensive and integrated approaches.

Source: The Risk Intelligent Enterprise: Enterprise Risk Management for the Energy Industry

RiskBlog Basics: Risk Management

Generally, risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. In general, the strategies employed include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Traditional risk management, which is discussed here, focuses on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. Regardless of the type of risk management, all large corporations have risk management teams and small groups and corporations practice informal, if not formal, risk management.

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled later. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss vs. a risk with high loss but lower probability of occurrence can often be mishandled.

Risk management also faces a difficulty in allocating resources properly. This is the idea of opportunity cost. Resources spent on risk management could be instead spent on more profitable activities. Again, ideal risk management spends the least amount of resources in the process while reducing the negative effects of risks as much as possible.

Steps in the risk management process

Identification

A first step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, will cause problems. Hence, risk identification can start with the source of problems, or with the problem itself.

Source Analysis
Risk sources may be internal or external to the system that is the target of risk management. Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.

Problem Analysis
Risks are related to fear. For example: the fear of losing money, the fear of abuse of privacy information or the fear of accidents and casualties. The fear may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; privacy information may be stolen by employees even within a closed network; lightning striking a B747 during takeoff may make all people onboard immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based Risk Identification
Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk. Objectives-based risk identification is at the basis of COSO's Enterprise Risk Management - Integrated Framework.

Scenario-based Risk Identification
In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk.

Taxonomy-based Risk Identification
The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks. Taxonomy-based risk identification in the software industry can be found in CMU/SEI-93-TR-6.

Common-risk Checking
In several industries lists with known risks are available. Each risk in the list can be checked for application to a particular situation. An example of known risks in the software industry is the Common Vulnerabilities and Exposures (CVE) list.

Assessment

Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan.

Possible Actions Available

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories:

• Avoidance
• Reduction (aka Mitigation)
• Retention (aka Acceptance)
• Transfer

Ideal use of these strategies may not be possible. Some of them may involve trade-offs that are not acceptable to the organization or person making the risk management decisions.

Risk Avoidance
Includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the liability that comes with it. Another would be not flying in order to not take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning the profits.

Risk Reduction
Involves methods that reduce the severity of the loss. Examples include sprinklers designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.

Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in increments, software projects can limit effort wasted to a single increment. A current trend in software development, spearheaded by the Extreme Programming community, is to reduce the size of increments to the smallest size possible; sometimes as little as one week is allocated to an increment.

Risk Retention
Involves accepting the loss when it occurs. True self-insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War is an example: since most property and risks are not insured against war, the loss attributed to war is retained by the insured. Also, any amount of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.

Risk Transfer
Means causing another party to accept the risk, typically by contract or by hedging. Insurance is one type of risk transfer that uses contracts. Other times it may involve contract language that transfers a risk to another party without the payment of an insurance premium. Liability among construction or other contractors is very often transferred this way. On the other hand, taking offsetting positions in derivative securities is typically how firms use hedging to financially manage risk.

Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group.

Create The Plan

Decide on the combination of methods to be used for each risk

Implementation

Follow all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.

Review And Evaluation Of The Plan

Initial risk management plans will never be perfect. Practice, experience, and actual loss results will necessitate changes in the plan and contribute information that allows different decisions to be made in dealing with the risks being faced.


Risk

Risk is often mapped to the probability of some event which is seen as undesirable. Usually the probability of that event and some assessment of its expected harm must be combined into a believable scenario (an outcome) which combines the set of risk, regret and reward probabilities into an expected value for that outcome. There are many informal methods which are used to assess (or to "measure" although it is not usually possible to directly measure) risk, and (for some applications) formal methods such as value at risk.

In scenario analysis "risk" is distinct from "threat." A threat is a very low-probability but serious event to which some analysts may be unable to assign a probability in a risk assessment because it has never occurred, and for which no effective preventive measure (a step taken to reduce the probability or impact of a possible future event) is available. The difference is most clearly illustrated by the precautionary principle, which seeks to reduce threat by requiring it to be reduced to a set of well-defined risks before an action, project, innovation or experiment is allowed to proceed.

In information security a "risk" is defined as a function of four variables: the probability that a threat will act on a vulnerability to cause an impact. If any of these variables approaches zero, the overall risk approaches zero. For example, human beings are completely vulnerable to the threat of mind control by aliens, which would have a fairly serious impact (until Tom Cruise saves us all in the last reel, of course). But as we haven't yet met aliens or discovered mind control, the probability of such an attack happening is almost zero, so the overall risk is almost zero.

Risk in Finance

Risk in finance has no one definition, but some theorists, notably Ron Dembo, have defined quite general methods to assess risk as an expected after-the-fact level of regret. Such methods have been uniquely successful in limiting interest rate risk in financial markets. Financial markets are considered to be a proving ground for general methods of risk assessment.

However, these methods are also hard to understand. The mathematical difficulties interfere with other social goods such as disclosure, valuation and transparency.

In particular, it is often difficult to tell if such financial instruments are "hedging" (decreasing measurable risk by giving up certain windfall gains) or "gambling" (increasing measurable risk and exposing the investor to catastrophic loss in pursuit of very high windfalls that increase expected value).

As regret measures rarely reflect actual human risk-aversion, it is difficult to determine if the outcomes of such transactions will be satisfactory. Risk seeking describes an individual who cares more about the potential gains than about the expected gains from an investment. For example, an individual who invests in a small stock, knowing there is a large chance of losing some money but a small chance of making a great deal of money, could be described as a risk seeker.

In financial markets one may need to measure credit risk, information timing and source risk, probability model risk, and legal risk if there are regulatory or civil actions taken as a result of some "investor's regret".

Risk = Probability (of the Event) times Consequence.
(The total risk is then the sum of the individual class-risks)

The risks are evaluated using Fault Tree/Event Tree techniques (see safety engineering). Where these risks are low they are normally considered to be 'Broadly Acceptable'. A higher level of risk (typically up to 10 to 100 times BA) has to be justified against the costs of reducing it further and the possible benefits that make it tolerable - these risks are described as 'Tolerable if ALARP'. Risks beyond this level are of course 'Intolerable'.

The level of risk deemed 'Broadly Acceptable' has been considered by Regulatory bodies in various countries - an early attempt by a UK government regulator used the example of hill-walking and similar activities which have definable risks that people appear to find acceptable.

The technique as a whole is usually referred to as Probabilistic Risk Assessment (PRA) (or Probabilistic Safety Assessment, PSA).
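The scoring described above, applied to a small information-security risk register, as an added example that is not from the original post: each class risk is probability times consequence, the total is the sum, and each class is placed in one of the three bands. The threshold values, the `EventClass`, `band` and `assess` names, and every register entry are assumptions constructed for illustration.

```python
from dataclasses import dataclass

BROADLY_ACCEPTABLE = 1_000.0  # assumed BA ceiling, cost units per year
ALARP_FACTOR = 100.0          # assumed; the text says "typically up to 10 to 100 times BA"

@dataclass(frozen=True)
class EventClass:
    name: str
    probability: float  # chance of the event in one year, 0..1
    consequence: float  # loss in cost units if the event happens

    def __post_init__(self):
        # Reject inputs that would silently distort the register.
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be within 0..1")
        if self.consequence < 0:
            raise ValueError(f"{self.name}: consequence must be non-negative")

    @property
    def risk(self) -> float:
        # Risk = Probability (of the Event) times Consequence
        return self.probability * self.consequence

def band(risk, ba=BROADLY_ACCEPTABLE, factor=ALARP_FACTOR):
    """Place one class risk in the three bands named in the text."""
    if risk <= ba:
        return "Broadly Acceptable"
    if risk <= ba * factor:
        return "Tolerable if ALARP"
    return "Intolerable"

def assess(register):
    """Return (rows sorted by descending risk, total risk)."""
    rows = sorted(((e.name, e.risk, band(e.risk)) for e in register),
                  key=lambda row: row[1], reverse=True)
    return rows, sum(row[1] for row in rows)

# Constructed register; none of these figures come from the page.
REGISTER = [
    EventClass("Credential phishing", 0.30, 250_000),
    EventClass("Laptop theft", 0.05, 8_000),
    EventClass("Ransomware outage", 0.08, 2_000_000),
    # Enormous impact, near-zero probability: the overall risk is near zero.
    EventClass("Alien mind control", 1e-12, 1e9),
]

if __name__ == "__main__":
    rows, total = assess(REGISTER)
    for name, risk, label in rows:
        print(f"{name:<22}{risk:>14,.3f}  {label}")
    print(f"{'Total risk':<22}{total:>14,.3f}")
```

The last entry shows the point made earlier about information-security risk: a catastrophic consequence still scores as 'Broadly Acceptable' when its probability is close to zero.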

via [ RiskBlog ]

Welcome to RiskBlog (tm) dot com

A weblog about the interests, the curiosity, the passions, of Enterprise Risk Management, Risk Measures, and Risk Identification. RiskBlog reveals the smart edge of the culture: trading style, firms, software, and trends that intelligent, successful, and independent risk managers want, need, and ought to know about.

via [ RiskBlog ]

RiskBlog (tm) dot com / Business Risk

Top Risk Concerns
• Technology Risk
• Customer Satisfaction Risk
• Human Resource Risk
• Access Risk
• Competitive Pricing Risk
• Budget and Planning Risk

Essential Risk Measures
• Self Assessment
• Risk Identification
• Risk Maps
• Reporting Systems
• Scenario Analysis