Current Commentary

Coming Next


TV Series Theory

LA in the 1970s:

Experimental Finance


Part I: The Long Goodbye

Comes of Age





March 11, 2013


Mutual Funds
Risk Management
Experimental Finance
Online Articles
Books and Articles
Finance Notes
Rigged Online
About Us
Contact Info

Three More Things about Risk Management


Ross M. Miller
Miller Risk Advisors
May 8, 2006

[This commentary, which may be edited beyond recognition, appears in the May/June 2006 issue of Financial Engineering News. This is the raw, unedited version of that commentary.]

Contemporary risk management has some of its roots in the cinematic comedy of the early 1990s. Back in those relatively innocent times, it was common for executives to use a pivotal scene from the movie City Slickers to guide corporate strategy. That scene is the one where the Billy Crystal character asks the Jack Palance character about the secret of life and Jack responds by holding up a single finger. The secret, as it turns out, is not Mr. Palance's index finger, but the idea of focusing one's attention on just "one thing," City Slickers became sufficiently popular with CEOs that many corporations spent the much of the nineties (until the Internet rolled around) searching for their one thing.

In risk management, that one thing became one, all-encompassing number to represent risk. I cannot begin to imagine all the hours that I wasted in arguments over what that one number is, how one goes about computing it, and what to do with it once you have it. And, as any careful reader of this august publication will notice, such arguments, ever more technical and contentious with each passing year, have not gone away.

In its various forms, the single number approach to risk management boils down to this question: How much "capital" is necessary to protect a business from a plausible short-term run of bad luck? There can be no doubt that this is an important, if not the most important, question in risk management.

Of course, serious risk managers do not limit themselves to a single number or even a "dashboard" full of them. (In this column, I will not mention specific methods or the companies that use them by name in order to avoid the clutter of registered trademark symbols and the hassle of the inevitable lawsuits.) For example, considerable effort has been expended on what comes down to the attempt to model events without precedent, so-called "black swans." There are, however, things that one can do about risk that go beyond the single number and that do not involve the morbid contemplation of the end of the world as we know it, nor that involve trying to model the unmodelable.

The real problem with taking a single set of numbers, no matter how finely crafted, as the point of departure for risk management is that it can turn into a pathological form of tunnel vision. I propose three things that can help companies to escape from this risk tunnel:

Thing #1: Profitability matters most.

This one is obvious. Nonetheless, I have repeatedly seen businesses become so obsessed with risk they forget that they are supposed to be making money. This pathology can result when artificial constructs—such as credit ratings or tracking errors—mutate from constraints into objectives.

Behind this pathology is a form of a cognitive bias known as the availability heuristic that was first documented by Amos Tversky and Daniel Kahneman and is routinely ignored by builders of risk management systems. The single number approach to risk management is designed around preventing a sudden and spectacular failure caused by a large drawdown in funds. While corporate collapses make good fodder for the evening news, financial magazines, and business school cases, their "availability," the way that the stick in people's minds, makes it easy for decision-makers to overstate their importance. Businesses are usually not devoured by sharks; instead, they are nibbled to death by catfish.

No matter how well it manages risk, any enterprise built on a negative-alpha business plan is doomed. (I am using alpha here in an intentionally vague sense, such as one might use it for the title of a magazine. Feel free to substitute the trademarked, risk-adjusted performance measure of your choice.) Conversely, some notable financial institutions that have had essentially nonexistent risk managements functions managed to do quite well because they raked in the alpha.

Risk managers (and the models they use) are often complicit in protecting negative-alpha business. It can be something as simple as assuming the negative alphas away or keeping them around to provide diversification even when plenty of zero-alpha alternatives in the form of common derivative securities are available to do the job.

Of course, there are the CEOs who are not particularly pleased when their chief risk officers (CROs) start to control their businesses. Such displeasure is often justified, which brings us to:

Thing #2: Bureaucracy kills.

Risk management is potent medicine. And, like any potent medicine, there is always the chance of negative side effects, one of which is to make the business less competitive by restricting its growth opportunities. In its most insidious form, this side effect manifests itself as bureaucracy.

An instructive example is to be found in the field of statistical quality control, a form of risk management that even employs some of the same Greek letters as finance. Quality control is a good thing until those who promulgate it take on the characteristics of a cult intent on infesting every aspect of corporate life. New, self-aggrandizing hierarchies are created with the cult leaders anointing themselves as the chosen ones.

The poster corporation for statistical quality control run amok (remember, I am not naming names), managed to decimate the value of its stock and squander its global lead in not one, but two, high-tech businesses. While stocks of the other firms taken over by this cult have not behaved quite so badly, shorting them against the S&P 500 has not been such a bad trade over the past few years. There may well be companies that have drunk from the punchbowl of obsessive quality control and have nonetheless prospered, but they have managed to keep their success to themselves, which leads to:

Thing #3. Attention comes with a price tag.

Sometimes the best way to manage risk is to gag your CEO. It is often said that there is no such thing as bad publicity, but good publicity that attracts the wrong kind of attention can be bad, really bad. That is because class-action litigators, attorneys general, and even the SEC tend to go after the biggest bears (or bulls) in the woods. While the brand identity that can be bought with quacking ducks and talking geckos is desirable for financial businesses that have consumers in their sights, those with a more select clientele in mind can be taking a huge risk merely by attracting attention. People speak of the jinx associated with an athlete or businessperson who appears on a magazine cover, and so just showing up on the radar screen often precedes getting shot down.

Hedge funds, which seem to attract most of the world's biggest egos, can have the most to lose and the least to gain by becoming visible. While the theoretical underpinnings of quantitative finance (including risk management) assume the financial universe behaves in a passive manner under the invisible hand's influence, the real world of finance is not only active, but also actively hostile to a degree that transcends rationality.

Just because a risk manager is aware of the three things described above, does not mean that he is necessarily in a position to do anything about them regardless of to whom he reports. Back in the days when the concept of the chief risk officer was still being conceived, I recall hearing a prominent CEO remark, "Well, at least if things go wrong, we will be able to fire someone who doesn't matter to the business."

Copyright 2006 by Miller Risk Advisors and Financial Engineering News.