EVOLUTION OF RISK MANAGEMENT PRODUCTS INTRODUCTION Risk management began to be studied after World War II. Risk management has long been associated with the use of market insurance to protect individuals and companies from various losses associated with accidents but in 1982, Crockford wrote: “Operational convenience continues to dictate that pure and speculative risks should be handled by different functions within a company, even though theory may argue for them being managed as one. For practical purposes, therefore, the emphasis of risk management continues to be on pure risks.” In this remark, speculative risks were mote related to financial risks than to the current definition of speculative risks, New forms of pure risk management emerged during the mid-1950s as alternatives to market insurance when different types of insurance coverage became very costly and incomplete. Several business risks were costly or impossible to insure. During the 1960s, contingent planning activities were developed, and various risk prevention or self-protection activities and self-insurance instruments against some losses were put in place. Protection activities and coverage for work-related illnesses and accidents also arose at companies during this period. The use of derivatives as instruments to manage insurable and uninsurable risk began in the 1970s, and developed very quickly during the 1980s. It was also in the 1980s that companies began to consider financial management or risk portfolios. Financial risk management has become complementary to pure risk management for many companies. Financial institutions, including banks and insurance companies, intensified their market and credit risk management activities during the 1980s. Operational risk and liquidity risk management emerged in the 1990s. Intemational regulation of risk also began in the 1990s. Financial institutions developed intemal risk ‘management models and capital calculation formulas to protect themselves from unanticipated risks and reduce regulatory capital. At the same time, governance of risk management became essential, integrated risk management was introduced, and the first risk manager positions were created. In the wake of various scandals and bankrupteies resulting from poor risk management, the Sarbanes- Oxley regulation was introduced in the United States in 2002, stipulating governance rules for all companies. Stock exchanges, including the NYSE in 2002 and more specifically the listed companies. However, all these regulations, rules, and risk management methods did not suffice to prevent the financial crisis that began in 2007. It is not necessarily the regulation of risks and governance rules that were inefficient, but rather their application and enforcement. It is well known that stakeholders in various markets regularly skirt the regulation and rules. However, it seems that deviant actions had become much more common in the years preceding the financial crisis, a trend the regulatory authorities did not, anticipate, notice, or, evidently, reprimand.HISTORY OF RISK MANAGEME! Insurance and risk management Risk management is a relatively recent corporate function, Historical milestones are helpful to illustrate its evolution. Modern risk management started after 1955. Since the early 1970s, the concept of financial risk management evolved considerably. Notably, risk management has become less limited to ‘market insurance coverage, which is now considered a competing protection tool that complements several other risk management activities. After World War II, large companies with diversified portfolios of physical assets began to develop self-insurance against risks, which they covered as effectively as insurers for many small risks. Self-insurance covers the financial consequences of an adverse event or losses from. an accident. A simple self-insurance activity involves creating a fairly liquid reserve of funds to cover losses resulting from an accident or a negative market fluctuation. Risk mitigation, now frequently used to reduce the financial consequences of natural catastrophes, is a form of self-insurance. Self-protection activities have also become very important. This type of activity affects the probabilities of losses or costs before they arise. It can also affect the conditional distribution of losses ex ante, Accident prevention is the most natural form of self-protection. Precaution is a form of self- protection applied to suspected but undefined events for which the probabilities and financial consequences are unknown, All protection and prevention activities are part of risk management. The concept of risk management in the financial sector was revolutionized in the 1970s, when financial risk management became a priority for many companies including banks, insurers, and non-financial enterprises exposed to various price fluctuations such as risk related to interest rates, stock market retums, exchange rates, and the prices of raw materials or commodities This revolution was sparked by the major increase in the price fluctuations mentioned above. In particular, fixed currency parities disappeared, and prices of commodities became much more volatile. The risks of natural catastrophe also magnified considerably. Historically, to protect themselves from these financial risks, companies used balance sheets or real activities (liquidity reserves). To increase flexibility or to reduce the cost of traditional hedging activities, derivatives were then increasingly used. Derivatives are contracts that protect the holder from certain risks. Their value depends on the value and volatility of the underlier, or of the assets or value indices on which the contracts are based. The best- known derivatives are forwards, options, futures, and swaps. Derivatives were first viewed as forms of insurance to protect individuals and companies from major fluctuations in risks, However, speculation quickly arose in various markets, creating other risks that are increasingly difficult to control or manage. In addition, the proliferation of derivatives made it very difficult to assess companies’ global risks (specifically aggregating and identifying functional forms of distribution of prices or returns). At the same time, the definition of risk management became more general. Risk management decisions are now financial decisions that must be evaluated based on their effect on firm or portfolio value, rather than on how well they cover certain risks. This change in the definition applies particularly to large public corporations, which, ironically, may be the companies that least need risk protection (apart from speculation risk), because they are able to naturally diversify much more easily than small companies. In particular, shareholders can diversify their portfolios on financial markets at a much lower cost than the companies whose shares they hold. MILESTONES IN THE HISTORY OF RISK MANAGEMENT1730 First futures contracts on the price of rice in Japan 2010 1864 First futures contracts on agricultural products at the Chicago Board of Trade 1900———-Louis Bachelier’s thesis “Théorie de la Spéculation”, Brownian motion 1932 First issue of the Journal of Risk and Insurance 1946 First issue of the Journal of Finance 1952 Publication of Markowitz’s article “Portfolio Selection” 1961-1966 Treynor, Sharpe, Lintner and Mossin develop the CAPM 1963___Arrow introduces optimal insurance, moral hazard, and adverse selection 1972 Futures contracts on currencies at the Chicago Mercantile Exchange 1973 Option valuation formulas by Black and Scholes and Merton 1974 Merton’s default risk model 1977 ___ Interest rate models by Vasicek and Cox, Ingersoll and Ross (1985) 1980-1990 __ Exotic options, swaptions and stock derivatives 1979-1982 First OTC contracts in the form of swaps: currency and interest rate swaps. 1985 Creation of the Swap Dealers Association, which established the OTC exchange standards 1987 First risk management department in a bank (Merrill Lynch) 1988 Basel Late 1980s__ Value at risk (VaR) and calculation of optimal capital 1992__Article by Heath, Jarrow and Morton on the forward rate curve 1992___ Integrated Risk Management 1992 RiskMetries 1994-1995 First bankruptcies associated with misuse (or speculation) of derivatives: Procter and Gamble (manufacturer, rates derivatives, 1994), Orange County (management funds, derivatives on financial securities, 1994) and Barings (futures, 1995) 1997 __ Credit Metrics 1997-1998 _ Asian and Russian crisis and Longterm credit management(LTCM) collapse 2001 Enron bankruptcy 2002 New governance rules by Sarbanes-Oxley and NYSE 2004 Basel II 2007 Beginning of the financial cris 2009 __ Solvency II (not yet implemented in March 2013) Basel IIMAIN DATES OF THE LAUNCHING OF DERIVATIVES AND STRUCTURED FINANCIAL PRODUCTS 1970 Currency swaps 1972 Foreign currency futures 1973, Equity options 1979 Over-the-counter currency options 1981_Cross-currency interest rate swaps 1983, Equity index options 1983_Interest rate caps/floors 1983, Swaptions 1985 Asset back securities (ABS) 1987 Path-dependent options (Asian, {987 Tookback, etc.) “992 Collateralized debt obligations (CDO) [993 CAT and futures insurance options “\o0g Captions /Floortions “Joog Credit default swaps (CDS) “J997 CAT bonds Spor Weather derivatives Collateralized fund obligations (CFO)Current definition of risk management The goal of risk management is to create a reference framework that will allow companies to handle risk and uncertainty. Risks are present in nearly all of firms’ financial and economic activities. The risk identification, assessment, and management process is part of companies’ strategic development; it must be designed and planned at the highest level, namely the board of directors. An integrated risk management approach must evaluate, control, and monitor all risks and their dependences to which the company is exposed. In general, a pure risk is a combination of the probability or frequency of an event and its consequences, which is usually negative. It can be measured by the volatility of results but higher moments of the distribution are often necessary. Uncertainty is less precise because the probability of an uncertain event is often unknown, as is its consequence. In this case, we would refer to precautionary rather than preventive activities to protect against uncertainty. Lastly, financial risk consists in undertaking opportunistic activities related to future risks that may generate positive or negative results In this article, risk management is defined as a set of financial or operational activities that maximize the value of a company or a portfolio by reducing the costs associated with cash flow volatility, The main risk management activities are diversification and risk hedging using various instruments, including derivatives and structured products, market insurance, self-insurance, and self-protection. The main costs firms seek to minimize are costs of financial distress, risk premium to partners (stakeholders), expected income taxes, and investment financing. Managers’ behavior toward risk (risk appetite and risk aversion) and corporate governance also affect the choice of risk management, activities. There are five main risks: pure risk (insurable or not, and not necessarily exogenous in the presence of moral hazard); market risk (variation in prices of commodities, exchange rates, asset returns); default risk (probability of default, recovery rate, exposure at default); operational risk (employee errors, fraud, IT system breakdown);liquidity risk: risk of not possessing sufficient funds to meet short-term financial obligations without affecting prices. May degenerate into default risk. FINANCIAL CRISIS OF 2007 AND STRUCTURED FINANCE Structured finance includes all advanced financial arrangements that serve to refinance and effectively hedge against credit risk in all economic activities. It changed the role of banks and insurers and the functioning of financial and money markets. In several countries, structured finance is now a very important economic activity that has completely transformed the link between borrowers, lenders, and investors. During the last financial crisis, some banks declared bankruptcy, and government and central banks had to rescue many other financial institutions, These bailouts protected financial markets over the short term, but did not solve the fundamental problems behind the crisis. Structured finance is often cited as the cause of the last financial crisis. However, this cause-and-effect relation is not evident. Most likely, the crisis that shook the world is due to poor risk management, namely agency problems in the securitization of mortgage debt, poor rating and structured product pricing criteria, conflicts of interest among rating agencies, lack of market transparency, the quest for high returns by top executives of financial institutions, and the inability of central banks and regulatory agencies to fully grasp all the implications of the new financial environment. We can isolate four major risk management problems linked to the structured finance ‘market during this period 1. Lack of incentive contracts in the presence of information asymmetry Banks and real estate mortgage brokers had little incentive to be vigilant and monitor real estate borrowers’ risk because a large portion of their loans were securitized without an optimal contractual clause in the presence of moral hazard, ‘They were thus able to transfer all their default risk (and hence losses) to financial markets. As a result, these front-line institutions were less inclined to be vigilant about their customers” default risk. Adverse selection was also present: BBB financial products (minimum rating to accessCDOs) were sold to trust companies, whereas some were actually BB products with supplemental guarantees provided by insurers via CDS. 2. Poor valuation of structured products by rating agencies As stakeholders in securitization, intermediaries buy long-term assets such as mortgage loans and finance them with asset-backed securities such as ABCPs and CDOs. Obtaining a high rating from rating agencies is essential to profitability. When the financial crisis began in 2007, ABCPs were downgraded and intermediaries could no longer roll over their commercial paper. They were consequently obliged to request funding from their sponsors or lose money. This led to the decline of several banks and a liquidity crisis in several markets such as commercial paper in Canada, contaminated by American products. In the same period, CDOs generated profits by repackaging pools of risky loans and selling them in the form of bond tranches. The profits associated with this structuring activity are larger when the produets have a higher credit rating However, it was difficult for rating agencies to value these increasingly complex assets, because they lacked suitable models or data. They therefore rated these tranches as they would for regular bonds, without considering the real correlations between the tranches of the structured products. It was also very difficult for buyers of these tranches to monitor and replicate the ratings of these structured produets, because they too lacked adequate data or models 3. Poor pricing of complex financial products Another cause of the 2007 crisis is the price of structured financial instruments, which is often too low and does not reflect their true risk exposure. These products contained systemic risks not considered in pricing. Systemic risk appears when events in one market affect other markets. For example, when difficulties occurred with an ABCP, several money market managers transferred their orders to the Treasury Billl market, thus raising prices and lowering returns. These externalities were amplified by a lack of market transparency. In the case of ABCP in Canada, many investors did not know, in 2007, whether these products were contaminated by US or other subprime products, but rumors abounded. We now know that only a few trust companies, which signed the Montréal Accord, held contaminated products, representing 6% of the risk exposure. The rumors of the presence of subprime products made the markets illiquid, foreing several investors such as pension funds and hedge funds to sell good assets at a discount, thus reducing their value.4. Poor regulation of structured finance It is important to note that current risk regulation is limited to banks. Pension funds and hedge funds are not regulated in most countries. The Basel II regulation is to blame here, because it significantly reduced the capital required for AAA assets, including the bonds of European countries. Banks were therefore attracted to these bonds and the new AAA structured products, while the sellers were motivated to obtain the AAA rating for these products. This phenomenon increased the pressure on rating agencies. The AAA ratings of these products also significantly affected the purchasing behavior of pension funds, insurance companies, and mutual funds. Although Treasury Bills offered lower rates, they did not truly represent the lowest risks to investors, who based their decisions solely on the only AAA ratings issued by rating agen: Several lessons must be learned to improve risk management, The first is to always apply the basic risk management rules regardless of the economic context. Many investors lost large sums during the financial crisis for the following reasons: Executives’ risk appetite is often not defined; Integrated risk management is not well-established in many companies; Independent risk management policies are not supported by top management. Before the financial crisis, underestimation of default and liquidity risk of new structured financial produets signaled poor risk management. Several products were introduced in the years preceding the crisis, and many investors adopted them without clearly understanding the risk because they lacked appropriate instruments to evaluate it. They therefore purchased these complex financial products as if they were standard products, without performing backtesting and stress testing on the real risks that these products represented. The risk management test function became obsolete for the top management of many funds and companies, which effectively delegated their credit risk analysis to rating agencies. These agencies evidently exhibited dubious knowledge, ethics, and independence.Issuers of structured products need to be more responsible. They must retain a large fraction of the baskets of loans they issue, possibly the entire equity tranche and a fraction of the more senior tranches in the presence of risk correlation between tranches. This should heighten the incentive to apply better risk management in loan issuance and obtain better portfolios of loans to securitize Greater transparency is required in the tranching of structured products. Market participants and researchers should be able to replicate their composition, and public databases containing this information should be offered. The growing complexity of structured financial products poses major challenges related to effective management and dissemination of information. More transparency is therefore indispensable in the credit market, particularly when loans are securitized. The rating of these products also requires more transparency. Any good researcher or investor can validate standard bond ratings because the data are available and the rating methods can be replicated. This should also be true for structured products; greater ‘transparency in the pricing of these products is necessary. Institutional changes in several countries are needed to reinforce independence or reduce vulnerability to externalities of international markets. Institutions must understand the technology available. Common data collection and affordable communication methods between financial institutions should produce effective tools to verify and replicate the analyses of agencies’ ratings and the packaging of trust companies’ structured products. These data should be available to all groups of investors, similar to market data, The ABCP market in Canada would not have collapsed in 2007 if the market had been more transparent, because we now know that only 6% of its volume was contaminated by American subprime products. Firms’ top management and board of directors must base their investment decisions primarily on risk management. They must use detailed information on integrated risk ‘management at their company and weigh these risks against those of new investments. The board of directors of financial institutions should be made up of individuals who understand the risks of derivatives and structured products. The risk managementcommittee must actively monitor the firm's risks. Top executives’ risk appetite must be defined, known, and monitored by the board. The Chief Risk Officer (CRO) is a senior vice-president of risk management or the equivalent. The CRO must have decision-making powers rather than passively monitor risk measurement and analysis. This officer must report to the CEO and periodically meet with the board of directors. Some specialists even suggest that the CRO should have veto rights over transactions considered too risky. The CRO’s office must be independent from all of the company's business units. All important transactions must be analyzed rigorously ex ante using appropriate data models designed for product rating, pricing, and testing. This implies increased investment in risk management for many investors and for pension and hedge funds, along with greater transparency and appropriate risk disclosure. These recommendations may seem difficult to apply for money market investors, who must manage numerous assets with 30-day terms to maturity, Appropriate tisk management is even more crucial form these investors. If necessary, new forms of risk analysis must be developed in cooperation with independent and transparent agencies that are free of real or perceived conflict of interest. CONCLUSION The purpose of this paper was to present a historical review of risk management. In addition to outlining the important dates, we discussed the objectives of risk ‘management and criticized its application in the years preceding the latest financial crisis, The first conclusion is that risk management must encompass more than simply minimizing the company's risk exposure. The objective of risk management is to maximize firm value via the reduction of costs associated with different risks. The main costs that companies incur are financial distress, income taxes, financing of future investment projects, and premiums payable to stakeholders. Risk management can also improve the firm's capital structure, which suggests that companies in good financial health should use their information advantage to establishstrategies to hedge future prices. Companies also need integrated risk management, which would let them profit from different forms of natural coverage within the company. Companies can use internal activities and market activities to protect themselves from risks, The most widespread intemal activities are prevention of financial risks and accidents (self-protection) and reduction of the financial consequences of an accident (risk retention, self-insurance, liquidity reserves). Market insurance is a form of protection for losses related to pure risks that cannot be covered by the company. Derivatives are additional instruments that protect companies from unanticipated financial losses. Risk management is part of corporate governance. Its main orientations must be defined by the board of directors and must be monitored by independent, competent directors in the audit committee or the risk management committee for companies highly exposed to various risks, such as financial institutions, ‘Nonetheless, financial institutions face a particular problem. Their risk positions, which are intended to increase their returns, expose their customers (holders of deposits and insurance contracts) to major losses. This justifies the actual regulation of the risks of banks and insurance companies. Recent history shows that international regulation of large financial institutions has failed in several respects: unfortunately, itis the taxpayers who have had to shoulder the cost of the indiscipline of executives of large financial institutions. Regulation can also create perverse unanticipated effects on financial institutions. In conclusion, effective regulation of financial institutions apparently remains elusive despite the immense progress seen in the last 25 years.