Risk, in a broad sense, is that things (things) are exposed to uncertainty. Uncertainty means that it may be future losses and gains. It is a mixture of danger and opportunity. Risk, in the most basic sense, is the possibility that bad things may happen.

When we compare “risk management” with “risk-taking”, it is not difficult to find that: risk management is about how companies actively choose the type and level of risk that suits them, not only from the perspective of defense; risk management is for Additional benefits and take the initiative to assume additional risks. Of course, risk management and risk-taking are not opposites, but two sides of the same coin.

Risk management is an ancient craft, but it is a young science-even a younger profession. At present, it is a period of digital transformation, and companies are facing new challenges and opportunities. We can find from past cases that financial institutions with a long history have suffered bankruptcy because their risk management procedures have ignored certain types of risks and misunderstood the differences between risks. Or fail to follow the classic steps in the risk management process.

Based on historical cases, risk management needs to keep up with the trend of the times and advance with the times, and the basic building blocks should be empowered and upgraded accordingly. Looking back at history, most disasters are caused by the failure of the following new ten basic building blocks, rather than the failure of complex technologies.

The new ten basic building blocks are shown in the figure below:

Module 1: Risk management process

We take risks in order to gain benefits, and in order to balance risks and benefits, we generate the first building block.

The risk management process is shown in the figure below:

The end result of the risk management process is a series of choices that can not only manage risk, but also help define the company’s identity and purpose. As risk-takers improve their risk management strategy, it will begin to avoid or mitigate unnecessary/value-damaging risk exposures, which in turn will allow it to seek more value-creating opportunities for its stakeholders.

It is worthy of our serious consideration that risk control measures include: risk aversion; risk retention; risk reduction; 4 types of risk transfer.

(1) Risk avoidance: Some risks can be avoided by stopping business or adopting different strategies. For example, sales to certain markets, or offshore production, can be avoided to minimize political or foreign exchange risks.

(2) Risk retention: risks that can be retained in the company’s risk appetite. Large risks can be retained through mechanisms such as risk capital allocation, self-insurance and captive insurance.

(3) Risk reduction: Risks can be reduced by reducing exposure, frequency and severity. For example, improved operating infrastructure can reduce the frequency of certain types of operational risks; hedging unnecessary foreign exchange risks can reduce market risks; accepting credit risk collateral can reduce the severity of potential defaults.

(4) Risk transfer: Some risks can be transferred to third parties through derivative products, structured products or payment of premiums. For example, insurance companies or derivatives providers.

In summary, we, as risk managers, need to continuously identify, evaluate and manage risks in order to strike the right balance between creating value and exposing the company to inappropriate risks.

Module 2: Identifying risks: known and unknown

One of the most common mistakes is to focus on known and measurable risks and ignore those that are unknown or unquantifiable. However, these risks exist and must be managed.

In addition, risk managers must never treat unmeasured risks as known quantities. Uncertainty and ambiguity must be recognized, because their number in some risky activities is much greater than in other activities.

Module 3: Expected loss, unexpected loss and tail loss

Expected loss (EL) refers to the average loss that a position holder may expect to incur from a position or investment portfolio. These losses are not a big threat, because they are reasonably predictable, have been considered in our plan, and have been priced in the products and services provided to customers, such as bad debts, interest rates, etc.

Unexpected loss (UL) refers to the extent to which the loss deviates from the average value, which is called the level of unexpected loss. Generally speaking, forecasting and evaluation are much more difficult, and because of the unpredictable factors involved, advance pricing is much more difficult. In short, some natural disasters, unpleasant events happen together, and so on.

For example, in a credit portfolio, the likelihood of unexpected losses may be driven by very simple factors, such as the number and size of loans. If an investment portfolio consists of a large proportion of small loans, then a very important loan is unlikely to default. If the investment portfolio is very diversified, it is unlikely that multiple losses will occur at the same time to produce unexpected loss levels. But when the form is unexpected to the extreme, some credit portfolios will suffer unexpected or even extreme losses in a downturn. At this time, banks need to allocate a large amount of risk capital to prevent huge unexpected losses that may lead to bankruptcy and default.

Module 4: Decomposition of risk factors

We can decompose risk into discrete risk factors and understand how these risk factors interact under pressure over time to produce losses.

The expected loss of the investment portfolio can be calculated by identifying and estimating the value of key potential risk factors.

In general, the risk index is a function:

1) The probability of a risk event;

2) Risk events faced by the company;

3) The severity of the loss when the risk event occurs.

For example, the credit risk of the loan, these become the borrower’s probability of default (PD); the bank’s exposure to default (EAD); and the severity of default loss (LGD).

Then the calculation formula is as follows:


We can be concrete and use qualitative and quantitative methods to treat expected losses as variable costs or predictable costs, rather than abstract risks or uncertainties.

Module 5: Structural change: From tail risk to systemic crisis

In a complex system, extremely rare events may occur over a long period of time, even if the system remains structurally stable.

Modern risk management can sometimes apply statistical tail risk techniques, using a statistical branch called extreme value theory (EVT) to help make the tail more visible and extract the most useful information.

Module 6: Human agency and conflict of interest

Unlike most mechanical and natural systems, human systems (such as financial markets) are subject to constant structural changes in social behavior, industry trends, regulatory reforms, and leverage from shareholders, shareholders, and stakeholders. For example, stock-based compensation helps align the interests of executives with those of shareholders.

Many financial companies use the following three lines of defense to manage risk:

The first line-the business line that generates, owns and manages risks;

The second line-risk managers who specialize in risk management and daily supervision;

The third line-regular independent supervision and assurance, such as internal audit.

Module 7: Risk types and risk interaction

(1) Risk type

Market risk: Constant changes in market prices and interest rates push the value of securities and other assets to fluctuate, which creates potential losses because price fluctuations are the engine of market risk. Market risk can be managed through the relationship between positions.

In all these markets, market risk is driven by the following factors:

1) General market risk: This is the risk of a decline in the value of an asset class, leading to a decline in the value of a single asset or investment portfolio.

2) Specific market risk: This is a risk, that is, the value of a single asset decreases more than the general asset class.

Credit risk: It stems from one party’s failure to fulfill its financial obligations to the other party. E.g:

Bankruptcy risk: The debtor fails to pay the interest or principal of the loan.

Downgrade risk: The debtor or counterparty is downgraded, indicating an increased risk, which may result in an immediate loss of the value of credit-related securities.

Counterparty risk: The failure of a counterparty in a market transaction to fulfill its obligations, including settlement or Herstatt risk.

Liquidity risk: It is used to describe two distinct risks-financing liquidity risk and market liquidity risk. Among them, financing liquidity risk includes the risk that the company cannot obtain sufficient liquid cash and assets to fulfill its obligations; market liquidity risk (trading liquidity risk) is the risk of asset value loss when the market is temporarily stagnant.

Operational risk: The risk of loss due to imperfect or failure of internal processes, personnel and systems or external events. It includes legal risks, but not business, strategic and reputation risks.

Business risk: It is the core of any business and includes all the company’s daily concerns, such as customer needs, pricing decisions, supplier negotiations and managing product innovation.

Strategic risk: including making major long-term decisions on the company’s development direction, usually accompanied by major investments in capital, human resources and management reputation.

Reputational risk: refers to the risk that a company’s market position or brand suddenly declines and brings economic consequences.

In summary, each key risk type requires a specific set of skills and its own philosophical approach. For example, most banks view market and credit risk as a natural part of their business. They recognize that risk and reward are equally important. They are actively pursuing risky assets, such as specific credit components. At the same time, the increase in operational risks will not bring greater returns, so banks will try to avoid these risks as much as possible.

(2) Risk interaction

In actual work, we cannot look at the problem in isolation. When the types of risks affect and interact with each other, the risks will flow unpredictably and produce uncertain consequences.

Example 1: During a severe crisis, risks can range from credit risk to liquidity risk to market risk, such as the 2007-2009 global financial crisis.

Example 2: A company: unlucky traders’ “finger fat and mistyped input” (operational risk) will cause a dangerous market position (market risk) and may damage the company’s reputation (reputation risk).

Module 8: Risk aggregation

Risk aggregation means that given many different types of risks and risk measures, a key question arises: when the company’s total risk is close to an intolerable level, how should we see a bigger picture?

At this time, we can consider the value at risk VaR.

VaR uses the loss distribution associated with a position or portfolio to estimate the loss at a given level of probability (or confidence).

For example, the 5% risk value of a portfolio is $2.2 million in one day. Meaning: The estimated minimum loss in 5% of a day is $2.2 million.

Module 9: Balancing risk and reward

If a person wants a higher rate of return on average, he usually has to take more risks to weigh. But the transparency of the trade-off between risk and return has changed greatly, especially for non-publicly traded securities, because the pricing of such securities is less reliable than publicly traded securities.

We use the risk-adjusted return on capital (RAROC) to show the relationship between risk and return.

RAROC = return/risk

among them:

Return is the expected return after tax risk adjustment;

Risk is economic capital.

Economic capital or risk capital is the amount of capital required by a company based on its understanding of the economic risks of the banking industry.

Module 10: Comprehensive Risk Management (ERM)

In traditional risk management, business departments manage their risks in an isolated manner, where each department manages its own risk exposure independently, without considering the risk exposure of other departments.

Comprehensive risk management (ERM), which integrates all internal resources of the enterprise, carries out planned risk management for procurement, production, cost, inventory, distribution, transportation, finance, and human resources, so as to achieve the best combination of resources and achieve the best benefit. Comprehensive risk management (ERM) presents a broad picture of risk across risk types and business lines.

Based on the above content, this interpretation of the building blocks of risk management aims to understand and explain the concept of risk, to be able to compare risk management with risk taking, to distinguish between expected and unexpected losses, risks and rewards, and to evaluate and apply them to measure and Tools and procedures for managing risks; able to describe the elements of the building blocks, identify possible problems and challenges in the risk management process; able to describe and distinguish the main risk categories, explain how each risk is generated; able to explain how risk factors interact Role and describe the challenges in summarizing risk exposures; able to assess the impact of risk management tools and tools, including risk limits and derivatives.