Reading 88
MODULE 88.1: INTRODUCTION TO RISK MANAGEMENT
Define risk management.
The risk management process seeks to: (1) identify the organization's risk tolerance; (2) identify and measure the risks the organization faces; and (3) modify and monitor those risks. The goal is not to minimize or eliminate all risks — returns above the risk-free rate are earned by taking on risk.
An organization may increase exposure to risks it can manage well, and decrease exposure to risks it cannot — through organizational change, insurance, or hedging — so that the bundle of risks aligns with its risk tolerance.
While returns in any period are not under managers' control, the specific risks and overall level of risk taken are. Risk management is therefore: determining organizational risks, choosing the optimal bundle, and implementing mitigation strategies to achieve that bundle.
風險管理流程的三大目標:①辨識組織的風險容忍度;②辨識並衡量組織所面臨的風險;③修正並監控這些風險。其目的不是消除所有風險——超越無風險利率的報酬正是承擔風險所換得。
組織可增加自身較能掌控的風險暴露,並透過組織調整、購買保險或避險交易來降低難以掌控的風險暴露,使整體風險組合與風險容忍度一致。
管理者無法控制特定期間的報酬,但承擔哪些風險、承擔多少風險是可以選擇的。因此風險管理=判斷組織風險、選擇最佳風險組合、執行緩釋策略。
教授提醒:這套框架適用於企業、投資組合、金融機構,甚至個人。個人選擇風險組合的目標是最大化預期效用,而不是利潤。
Describe features of a risk management framework.
A comprehensive risk management framework should encompass:
- Establishing processes and policies for risk governance
- Determining the organization's risk tolerance
- Identifying and measuring existing risks
- Managing and mitigating risks to achieve the optimal bundle
- Monitoring risk exposures over time
- Communicating across the organization
- Performing strategic risk analysis
Only by understanding the risks faced — and by having the processes in place to manage and monitor them — can an organization align its risk exposures with its goals.
完善的風險管理框架應涵蓋以下要素:
- 建立風險治理的流程與政策
- 決定組織的風險容忍度
- 辨識與衡量既有風險
- 管理與緩釋風險以達成最佳風險組合
- 持續監控風險暴露
- 於組織內進行溝通
- 執行策略性風險分析
唯有了解所面臨的風險,並建立管理與監控的機制,組織才能讓風險暴露與目標一致。
Define risk governance and describe elements of effective risk governance.
Risk governance is senior management's determination of: (1) the organization's risk tolerance; (2) the elements of its optimal risk exposure strategy; and (3) the framework for oversight of the risk management function.
Effective risk governance manages risk in a way that supports the organization's overall goals, achieving the best business outcome consistent with risk tolerance. It provides organization-wide guidance on:
- Risks that should be pursued efficiently
- Risks that should be subject to limits
- Risks that should be reduced or avoided
A risk management committee provides a forum for parts of the organization to raise issues of risk measurement, integration of risks, and the best ways to mitigate undesirable risks.
風險治理是高階管理層對下列三項的決定:①組織的風險容忍度;②最佳風險暴露策略的內容;③監督風險管理職能的框架。
有效的風險治理使風險管理服務於組織整體目標,並在風險容忍度範圍內爭取最佳業務成果。它提供整個組織的指引:
- 哪些風險應有效率地承擔
- 哪些風險應設限額
- 哪些風險應降低或避免
風險管理委員會讓組織各單位能提出風險衡量、風險整合及緩釋方法等議題。
教授提醒:風險治理必須在企業整體層級進行——不在業務單位或個別員工層級。風險容忍度與策略由高層為整個組織訂定。
Explain how risk tolerance affects risk management.
Determining risk tolerance means setting overall risk exposure by identifying which risks the firm can effectively take and which it should reduce or avoid. Factors influencing risk tolerance include:
- Expertise in its lines of business
- Skill at responding to negative outside events
- Regulatory environment
- Financial strength and ability to withstand losses
Management must consider risks arising both inside and outside the organization, weighing each against the expected benefits of bearing it and the fit with overall goals.
決定風險容忍度就是設定整體風險暴露——辨別哪些風險公司能有效承擔,哪些應降低或避免。影響因素:
- 各業務線的專業能力
- 應對負面外部事件的能力
- 監管環境
- 財務實力與承受損失的能力
管理層須同時考量來自內部與外部的風險,並衡量其預期效益與整體目標的契合度。
Describe risk budgeting and its role in risk governance.
Risk budgeting allocates firm resources to assets/investments by considering their risk characteristics and how they combine to meet the organization's risk tolerance. The aim: allocate the overall acceptable risk to the asset mix with the greatest expected returns over time.
The risk budget may be expressed as:
- A single metric — e.g., portfolio beta, VaR, portfolio duration, returns variance
- By asset categories — e.g., domestic equities, domestic debt, international equities, international debt
- By risk factors — interest-rate risk, equity-market risk, FX-rate risk, etc., aggregated to match overall risk tolerance
風險預算是依資產/投資的風險特性,將公司資源配置於各標的,並使其組合符合組織風險容忍度。目標是將可承受風險配置於長期預期報酬最高的資產組合。
風險預算可採用以下形式表示:
- 單一指標——如組合beta、VaR、組合存續期間、報酬變異數
- 按資產類別——如國內股權、國內債券、國際股權、國際債券
- 按風險因子——利率風險、股市風險、匯率風險等加總後須符合整體風險容忍度
教授提醒:風險治理訂定可承擔風險上限;風險預算則依風險特性在上限內配置資產與投資。
Identify financial and non-financial sources of risk and describe how they may interact.
Financial risks arise from exposure to financial markets:
- Credit risk — uncertainty about whether a counterparty will fulfill contractual obligations
- Liquidity risk — risk of loss when selling an asset at a price below its underlying fair value due to market conditions
- Market risk — uncertainty about market prices of assets (stocks, commodities, currencies) and interest rates
Non-financial risks arise from operations or external sources:
- Operational risk — losses from human error, faulty processes, weak security, or business interruption (e.g., cyber risk)
- Solvency risk — inability to continue operating because of running out of cash
- Regulatory risk — change in regulation imposes costs or restricts activities
- Governmental / political risk (incl. tax risk) — political actions outside regulation, e.g., tax-rate increases
- Legal risk — uncertainty about exposure to future legal action
- Model risk — incorrect asset valuations from analytical models
- Tail risk — extreme events more likely than analysis indicates (often from wrongly assuming normality)
- Accounting risk — accounting policies/estimates judged incorrect
For individuals:
- Mortality risk — risk of death before providing for family's future needs (addressed by life insurance)
- Longevity risk — risk of living longer than anticipated and outliving assets (addressed by lifetime annuities)
- Health-care expense risk — addressed by health insurance
Risk interactions: The various risks are not independent. Example: a firm hedges market risk with options. If markets decline sharply, it is owed a payment from the option counterparty — creating credit / counterparty risk; if the counterparty seeks loopholes, legal risk; resulting losses may force position sales, creating liquidity risk; and additional losses can hit cash, increasing solvency risk. Such interactions become especially significant during periods of financial stress.
金融風險來自金融市場暴露:
- 信用風險——交易對手是否履約的不確定性
- 流動性風險——市況使資產售價低於公允價值所造成的損失風險
- 市場風險——資產價格(股票、商品、貨幣)及利率變動的不確定性
非金融風險來自營運與外部因素:
- 營運風險——人為失誤、流程缺陷、安全不足、業務中斷(含資安風險)
- 償付風險——現金耗盡無法持續營運
- 監管風險——監管環境變動造成成本或限制
- 政府/政治風險(含稅務風險)——非監管的政治行動,如稅率提高
- 法律風險——未來法律訴訟暴露的不確定性
- 模型風險——分析模型導致估值錯誤
- 尾端風險——極端事件比模型預估更頻繁(常因誤假設常態分配)
- 會計風險——會計政策或估計被認定為不正確
個人面臨的風險:
- 壽命短於預期(死亡風險)——以人壽保險因應
- 壽命長於預期(長壽風險)——以終身年金因應
- 醫療支出風險——以健康保險因應
風險相互作用:各風險彼此不獨立。範例:公司用選擇權避險市場風險;若市場大跌,公司受款於對手——產生信用/對手風險;若對手藉合約漏洞抗辯,產生法律風險;後續損失可能迫使賣出部位,引發流動性風險;現金部位惡化又會推升償付風險。這類交互作用在金融壓力期尤其嚴重。
Describe methods for measuring and modifying risk exposures and factors to consider in choosing among the methods.
| Category | Measure | Description / Notes |
|---|---|---|
| Asset Risk | Standard deviation | Volatility of asset prices/rates. May be inappropriate for non-normal distributions (negative skew, fat tails). |
| Beta | Market risk of equity securities/portfolios; reflects diversification benefits; for well-diversified portfolios. | |
| Duration | Price sensitivity of debt securities to interest-rate changes. | |
| Derivatives Risk ("the Greeks") | Delta (Δ) | Sensitivity of derivative value to price of underlying. |
| Gamma (Γ) | Sensitivity of delta to changes in underlying price. | |
| Vega | Sensitivity of derivative value to volatility of underlying. | |
| Rho (ρ) | Sensitivity of derivative value to changes in the risk-free rate. | |
| Tail Risk | Value at Risk (VaR) | Minimum loss over a period at a given probability. |
| Conditional VaR (CVaR) | Expected loss given that loss exceeds the VaR threshold. |
Value at Risk (VaR) is the minimum loss over a period that will occur with a specific probability. Example: a one-month VaR of $1 million at 5% probability means a loss of at least $1 million is expected 5% of the time. VaR is not a maximum loss; results depend heavily on inputs and modeling assumptions, so VaR should be used with other measures.
Conditional VaR (CVaR) is the expected loss given that the loss exceeds the minimum amount — i.e., the probability-weighted average of all losses ≥ the VaR threshold. Conceptually similar to "loss given default" used in debt-securities risk.
Subjective and market-based risk estimates:
- Stress testing — examines the effect of a specific (usually extreme) change in one key variable
- Scenario analysis — what-if analysis of expected loss combining changes in multiple inputs (e.g., interest rates plus oil prices plus FX)
- Subjective estimates — needed for low-probability events (e.g., bankruptcy of a healthy firm) and for political / regulatory / tax-law changes
- Market-based estimates — derived from prices of insurance, derivatives, or other hedging securities, reflecting market participants' aggregate expected loss
- Operational-risk estimation — often uses cross-firm samples to derive overall probability of significant loss and average loss
| Method | Description | Examples |
|---|---|---|
| Risk avoidance / prevention | Do not engage in the activity, or invest in stronger controls. | Avoid investing in a politically risky country; tighten cybersecurity to prevent data breaches. |
| Risk acceptance (self-insurance) | Bear the risk; possibly establish a reserve account. | Firm reserves cash for warranty claims; large firm self-insures parts of property damage. |
| Risk transfer | Another party assumes the risk via an insurance-type contract. | Property/casualty insurance; surety bonds (third-party non-performance); fidelity bonds (employee theft/misconduct); reinsurance. |
| Risk shifting | Change the distribution of possible outcomes, primarily with derivatives. | Forward / futures / swaps to hedge currency risk; buy puts to set a floor; sell calls to give up upside in exchange for a premium that cushions downside. |
Self-insurance simply means the firm bears the loss — it can result from inaction or from deliberate strategic decision. A reserve account may be set aside to absorb losses.
Risk transfer shifts the risk to another party (e.g., insurer). Insurance companies diversify across many uncorrelated insureds; if their own risks become highly correlated or concentrated, they may buy reinsurance. Surety bonds pay if a third party fails to perform on a contract; fidelity bonds pay for losses from employee theft or misconduct.
Risk shifting alters the distribution of outcomes, mainly through derivatives:
- Forward / futures / swaps — eliminate or reduce currency or rate risk on foreign-denominated debt
- Long puts — set a minimum sale price (floor) for a stock position
- Short calls — give up upside in exchange for premium that offsets some downside
Choosing among methods: The criterion is always a cost–benefit comparison. Organizations may combine methods to address a single risk — diversify some, insure where economical, hedge with derivatives, and self-insure the rest — building a final risk profile that matches the organization's risk tolerance and goals.
資產風險衡量:標準差(價格/利率波動度,常態分布以外可能不適用)、Beta(系統風險,須分散組合)、存續期間(債券對利率變化的敏感度)。
衍生品風險(Greeks):Delta(價格敏感度)、Gamma(Delta敏感度)、Vega(波動度敏感度)、Rho(無風險利率敏感度)。
尾端風險衡量:
- Value at Risk(VaR)——指在特定機率下,期間內最低會發生的損失。例:1個月VaR為100萬美元、機率5%,表示有5%機率1個月損失至少100萬。VaR不是最大損失,且其結果高度依賴輸入與假設,須與其他指標合併使用。
- 條件VaR(CVaR)——當損失超過VaR門檻時的預期損失,相當於所有≥門檻損失的機率加權平均,類似債券「違約損失(LGD)」。
主觀與市場估計:
- 壓力測試——分析單一關鍵變數(通常極端)變動的影響
- 情境分析——同時改變多個輸入的what-if(例如利率+油價+匯率)
- 主觀估計——適用於低頻事件(健康公司破產)、政治/監管/稅法變動
- 市場價格估計——以保險、衍生品等對沖工具市價反推預期損失
- 營運風險估計——透過跨公司樣本估算重大損失機率與平均損失
修正風險暴露的四種方法:
- 避免/預防——不從事該活動,或加強控制(如不投資高政治風險國家、強化資安)
- 承擔(自保)——自行承擔損失,可設準備金;可能是消極不作為,也可能是策略性決策
- 風險轉移——由他方承擔(保險、履約保證債券surety bond、誠信保險fidelity bond、再保險)
- 風險移轉/轉移分配(risk shifting)——以衍生品改變結果分配形狀(遠期/期貨/交換對沖匯率;買入賣權設下限;賣出買權換取權利金)
教授提醒:risk transfer=把風險「移交」給保險式對手;risk shifting=用衍生品「改變分配」。考試常考辨此區別。
方法選擇原則:永遠是成本效益比較。組織常組合多種方法處理單一風險——分散一部分、用保險轉移可承擔部分、用衍生品移轉分配,剩餘自保——最終的風險組合應與組織的風險容忍度與目標相符。
- A. risk.
- B. relative returns.
- C. risk-adjusted returns.
- A. risk governance, risk mitigation, and strategic risk analysis.
- B. identifying and measuring risks, risk policies and processes, and risk governance.
- C. risk mitigation, tracking the organization's risk profile, and establishing position limits.
- A. enterprise level.
- B. business unit level.
- C. individual employee level.
- A. maximize expected return for a given level of risk.
- B. minimize risk for a given level of expected return.
- C. reduce any significant risks the firm is exposed to.
- A. setting an annual limit on risk taken.
- B. selecting assets by their risk characteristics.
- C. establishing a maximum amount of risk to be taken.
- A. Credit risk.
- B. Solvency risk.
- C. Settlement risk.
- A. risk mitigation.
- B. using derivative securities.
- C. transferring risk to an insurance company.
Risk management = identifying and measuring risks, establishing risk tolerance, deciding which risks to take vs. reduce/avoid, and putting structure in place to maintain the bundle of risks expected to best achieve the organization's goals.
An overall risk management framework addresses: identifying and measuring risks; determining overall risk tolerance; processes/policies for risk governance; managing/mitigating risks to the optimal bundle; monitoring exposures; communicating across the organization; and strategic risk analysis.
Risk governance = senior management's determination of (1) risk tolerance, (2) elements of optimal risk-exposure strategy, and (3) framework for oversight of the risk management function.
Risk tolerance is the overall amount of risk the organization will take in pursuing its goals; determined by top management.
Risk budgeting allocates the total risk (risk tolerance) to assets/investments by considering their characteristics and combinations. Budget can be a single risk measure or a sum of risk factors.
Financial risks (market, credit, liquidity) arise from financial-market exposure. Non-financial risks arise from operations and external sources. Individuals also face mortality and longevity risk. Interactions among risks are frequent and especially significant in financial-stress periods.
Asset risk: standard deviation, beta, duration. Derivative risk: delta, gamma, vega, rho. Tail risk: VaR, CVaR. Some risks must be measured subjectively. Risk modification methods: bear (self-insure), avoid/prevent, diversify, transfer (insurance, surety bond), or shift (with derivatives). Multiple methods may be combined; the criterion is always cost vs. benefit, ending in a risk profile that matches risk tolerance and organizational goals.
【LOS 88.a】風險管理=辨識與衡量風險、建立風險容忍度、決定哪些風險承擔/哪些減少或避免,並建立架構以維持最能達成組織目標的風險組合。
【LOS 88.b】完整的風險管理框架涵蓋:辨識與衡量風險、決定整體風險容忍度、建立風險治理流程/政策、管理與緩釋風險、監控暴露、跨組織溝通、策略性風險分析。
【LOS 88.c】風險治理=高層決定(1)風險容忍度、(2)最佳風險暴露策略要件、(3)風險管理職能的監督框架。
【LOS 88.d】風險容忍度是組織在追求目標時整體願承擔的風險總量,由高層決定。
【LOS 88.e】風險預算將整體風險(風險容忍度)配置到各資產/投資,考量其風險特性及組合方式。可採單一風險指標或多風險因子加總。
【LOS 88.f】金融風險(市場、信用、流動性)來自金融市場暴露;非金融風險來自營運與外部因素。個人另有死亡與長壽風險。風險間相互作用頻繁,金融壓力期尤其顯著。
【LOS 88.g】資產風險:標準差、Beta、存續期間。衍生品風險:Delta、Gamma、Vega、Rho。尾端風險:VaR、CVaR。部分風險須主觀估計。修正方法:自保/避免或預防/分散/轉移(保險、履約保證、誠信保險)/用衍生品移轉分配。可組合多種方法,原則永遠是成本效益比較,最終形成符合風險容忍度與組織目標的風險組合。