FE535: Introduction to Financial Risk Management

Session 1

Ethan Fang

School of Business
Stevens Institute of Technology

Fang (Stevens) Risk Management FE535

About Me

Ph.D. in Mathematics, with 15+ years professional experience,

include
Quantitative Modeling
Risk Management
Investment Quantitative Strategies

Other interests
Statistical Learning in Finance
Financial Networks and Analytics
Textual Analysis and Data Mining
Python Programming

Fang (Stevens) Risk Management FE535

This Class...

The class materials are available online at

[Link]

I will keep the website updated overtime

Syllabus
Slides
Handouts
Projects
Others

Fang (Stevens) Risk Management FE535

Global Association of Risk Professionals (GARP)

Academic Partner

Financial Risk Manager (FRM)

Scholarship cover exam fees (Part I only)
Deadline is near for May 2025 exam (see link)
Students from academic partners receive preferential considerations
Further Information
⋆ Link to GARP here
⋆ Link to slides by Dr. Lisa Ponti

Fang (Stevens) Risk Management FE535

 Introduction to Financial Risk
Management

Fang (Stevens) Risk Management FE535

The Building Blocks of Risk Management
Risk, in the most basic sense, is the possibility that bad things might
happen.

How we think about risk is the biggest determinant of whetherwe

identify risks
measure them properly
assess their impact - sensitivity
and succeed in managing them

Fang (Stevens) Risk Management FE535

Examples of Financial Risk Events

Market Risk
2008 Global Financial Crisis: Stock and credit markets crashed due to subprime mortgage exposure.
2020 COVID-19 Market Crash: Extreme volatility and market sell-offs triggered by pandemic fears.

Counterparty Credit Risk

2008 Lehman Brothers Bankruptcy: Default led to massive credit losses across financial institutions.
2023 Credit Suisse Collapse: Deteriorating credit quality resulted in a government-led takeover.

CVA Risk
2008 AIG Bailout: Mispriced counterparty risk in derivatives led to major losses.
2012 European Sovereign Debt Crisis: Rising CDS spreads increased CVA significantly.

Operational Risk
2012 Knight Capital Trading Glitch: Algorithmic error caused $440 million in losses within minutes.
2020 Wirecard Fraud Scandal: Internal fraud resulted in a €1.9 billion accounting hole.

Model Risk
2008 Subprime Mortgage Models: Flawed risk models underestimated default probabilities.
2012 JPMorgan "London Whale": Poor risk model oversight led to $6 billion in losses.

Liquidity Risk
2008 Bear Stearns Collapse: Liquidity crunch forced a fire sale and emergency rescue.
2023 SVB Bank Run: Rapid depositor withdrawals caused a liquidity crisis.

Fang (Stevens) Risk Management FE535

A Typology of Risks for The Banking Industry

Fang (Stevens) Risk Management FE535

Market Risk

Market prices and rates continually change, driving the value of secu-
rities and other assets up and down
These movements create the potential for loss, as price volatility is the engine
of market risk

General market risk is the risk that an asset class will fall in value
(systematic)
Specific market risk is the risk that an individual asset will fall in value
more than the general asset class (idiosyncratic)

For risk managers, mismatching between price movements creates what is

known basis risk
A position intended to hedge market price might do so imperfectly
covered in advanced linear risk hedging

Fang (Stevens) Risk Management FE535

OTC Derivative Notional Volumes by Risk Type

Fang (Stevens) Risk Management FE535

Credit Risk

Credit risk arises from the failure of one party to fulfill its financial
obligations to another party
Examples include
1 Failure to pay interest/principle on a loan
2 Downgrade risk, which leads to loss in value

Risk managers use sophisticated credit portfolio models to uncover po- tential
risk factors:
key financial ratios, industry sectors, etc
concentration versus diversification

Fang (Stevens) Risk Management FE535

Operational Risk

Operational risk can be defined as the“risk of loss resulting from inade-

quate or failed internal processes, people, and systems or from external
events.”
It includes legal risk, but excludes business, strategic, and reputational risk

The definition of operational risk broad

from anti-money laundering risk and cyber risk to risks of terrorist attacks and
rogue trading
corporate governance scandals, e.g. Enron 2001
Model Risk: the LTCM debacle in 1998

The outbreaks of rogue trading in the 1990s helped persuade regulators to

include operational risk in bank capital calculations

Fang (Stevens) Risk Management FE535

Liquidity Risk
Liquidity risk is used to describe two quite separate kinds of risk:
1 Funding Liquidity Risk limited access to cash to meet obligations or
investment
2 Market Liquidity Risk (Trading Liquidity Risk) is the risk of a loss in asset
value when markets temporarily seize up

Figure: Source from Afonso et al., 2011

Fang (Stevens) Risk Management FE535

Other Risks
Business and Strategic Risk
Business risk includes the usual business concerns, such as
consumer demand
pricing decisions
managing product innovation

Strategic risk involves making large, long-term decisions about the firm’s direction
often accompanied by major investments of capital, human resources, and
management reputation

Reputation Risk
Reputation risk is the danger that a firm will suffer a sudden fall in its market
standing/brand with economic consequences
losing customers or counterparties
A large failure in credit risk management can lead to rumors about a bank’s financial
soundness

Fang (Stevens) Risk Management FE535

Quantitative Risk Metrics
Risk managers face the unknown and unexpected. Expected loss is predictable and
manageable, unexpected loss reflects normal variability beyond expectations, and
extreme loss represents rare, catastrophic events that can lead to significant financial
distress.
Expected Loss (EL):

• Represents the average loss a firm can anticipate over time based on statistical analysis and historical data.
• It is relatively stable and predictable, allowing firms to treat it like an operational cost.
• Determined by factors such as probability of default (PD), exposure at default (EAD), and loss given
• default (LGD).
• Example: Routine credit losses in a well-diversified loan portfolio.

Unexpected Loss (UL):

• Represents deviations from the expected loss, occurring when actual losses exceed EL due to unforeseen events.
• It captures fluctuations that arise from adverse conditions, such as an unexpected fraud announcement or an unlucky
sequence of defaults.
• The variability depends on portfolio composition, diversification, and external factors such as macroeconomic changes.
• Example: A spike in loan defaults due to a sudden economic downturn.

Extreme Loss (Tail Risk):

• Refers to severe, rare losses that far exceed both expected and unexpected levels.
• These losses are often driven by systemic risks, long cycles of good and bad periods, or crises that are difficult to predict.
• Extreme losses can threaten solvency, requiring substantial risk capital allocation for protection.
• Example: A financial crisis triggering widespread loan defaults and collapsing collateral values, as seen in commercial real
estate (CRE) cycles.

Fang (Stevens) Risk Management FE535

Quantitative Risk Metrics
Risk managers face the challenge of understanding and quantifying aggregate risk across different
business units. Before modern risk measures, risk was often assessed using notional amounts (e.g., USD
10 million of assets) without considering volatility, leading to imprecise risk comparisons. Volatility,
especially in derivatives markets, made it necessary to develop better risk metrics.

VaR (Value-at-Risk) became popular due to its ability to aggregate risk across portfolios, though there were
different methods of calculating VaR, and it involved many simplifying assumptions.
Value-at-Risk (VaR):
• Measures the worst expected loss over a specified time period under normal market conditions at a given confidence level.
• Example: A 95% weekly VaR of $10 million implies a 5% chance of exceeding this loss.
• VaR depends on the confidence level and loss distribution, with fatter tails leading to higher risk estimates.
• A limitation of VaR is its inability to capture extreme tail risks.

VaR has well-known shortcomings, especially after the 2007-2009 financial crisis, which highlighted its
inability to capture all dimensions of risk. The reliance on VaR led to weaknesses that regulators have tried
to address by incorporating other supplementary measures like Expected Shortfall (ES) and worst-case
scenario analysis.
Expected Shortfall (ES) / Conditional VaR (CVaR):
• Addresses VaR's limitation by measuring the average loss beyond the VaR threshold.
• Provides a more comprehensive view of tail risk by considering extreme losses.
• Used to better assess the risk of portfolios prone to significant fluctuations.

Economic vs. Regulatory Capital:

• Economic capital is the amount of capital a firm needs based on its understanding of its risks, while regulatory capital follows
specific regulatory rules.
• Economic capital helps balance risk and reward, allowing firms to compare activities' profitability against their capital
requirements.

Fang (Stevens) Risk Management FE535

Risk Measurement Considerations
Risk Factor Breakdown:
The Expected Loss calculation demonstrates how important it is for risk analysts to break risk down into discrete risk
factors-in this case, PD, LGD, and EAD-and understand how these risk factors might interact over time and under stress
to generate losses.
• Risk factors are categorized into different types, including market, credit, operational, and liquidity risks.
• A key question concerns how granular each risk factor analysis should be. Ideally, risk managers would like to
understand every significant risk factor and analyze each factor's importance and dynamics through the data
available.

Tail Risk to Systemic Crisis:

Tail risk events (or outliers) might be rare, but a long enough time series of data should reveal evidence of their
existence. Where data are scarce, modern risk management can some times apply statistical tail risk techniques,
utilizing a branch of statistics called Extreme Value Theory (EVT) to help make tails more visible and to extract the most
useful information.
• Tail risk refers to rare and extreme events that lie in the "tails" of probability distributions (e.g., market crashes,
natural disasters).
• Example: The 2008 financial crisis was triggered by the collapse of subprime mortgage markets, creating a
systemic crisis that affected the entire global financial system.
• Unlike most mechanical and natural systems, human systems (such as financial markets) are subject to constant
structural change from levers such as social behavior, industry trends, regulatory reforms, and product innovations.

Conflicts of Interest (3 Lines of Defence):

The three lines of defense model ensures that risk management is independent and effective in identifying and
addressing conflicts of interest.
• First Line: Business line that generates, owns, and manages risk
• Second Line: Risk managers that specialize in risk management and day-to-day oversight
• Third Line: Periodic independent oversight and assurance, such as an internal audit.

Fang (Stevens) Risk Management FE535

Risk Management within Business Cycle

Fang (Stevens) Risk Management FE535

Risk Management Roadmap
Identify Risk Appetite:
• Define key corporate goals and associated risks.
• Decide whether and which risks to manage.
• Develop a broad risk appetite statement.

Map Risks and Make Choices:

• Identify and assess risks and their impacts.
• Conduct risk/reward and cost/benefit analyses.
• Select risk management strategies and tactics.
• Refine the risk appetite statement in detail.

Operationalize Risk Appetite:

• Translate risk appetite into practical limits and policies.
• Establish a risk limit framework.
• Allocate appropriate resources, expertise, and incentives.

Implement:
• Execute chosen risk management tactics and instruments.
• Make operational decisions and establish oversight.

Re-evaluate Regularly:

• Adapt to changes in risk appetite, business activities, and market conditions.

• Incorporate new tools and strategies based on ongoing assessments.

Fang (Stevens) Risk Management FE535

Risk Management Process and Strategies
After understanding the firm's risk appetite and identifying key risks, the risk manager must prioritize and decide how
to best handle each risk. This involves assessing severity, urgency, and the cost-benefit trade-offs of various
strategies to ensure alignment with the firm's objectives.

Risk Management Strategies:

• Retain: Accept certain risks fully or partially if they align with business goals or can be priced into products.
Some retained risks may be significant but strategically essential (e.g., commodity price risk).
• Avoid: Eliminate risks that are misaligned with business objectives, though complete avoidance may require
stopping certain activities.
• Mitigate: Reduce risks through measures such as collateral requirements or operational improvements to limit
exposure.
• Transfer: Shift risk to third parties via instruments like insurance, derivatives, or securitization, albeit at a
financial cost.

Decision-Making Considerations:

• Senior management and the board oversee major risk decisions, but risk managers play a key role in guiding
choices.
• The effectiveness of each strategy must be evaluated in terms of cost-efficiency and alignment with risk
appetite.
• Indirect costs, such as residual risks (e.g., basis risk in hedging), should be considered in the overall risk
management framework.

Challenges in Quantification:

• Some risks, such as cyber risk, are difficult to quantify and require a combination of worst-case analysis and
expert judgment.
• Decision-making often involves comparing different strategies, such as investing in mitigation versus
transferring risks, requiring both numerical analysis and qualitative business judgment.

Fang (Stevens) Risk Management FE535

Risk Limit Management

Fang (Stevens) Risk Management FE535

Credit Risk Transfer

Fang (Stevens) Risk Management FE535

Corporate Governance Principles for Banks

Fang (Stevens) Risk Management FE535

Corporate Governance Principles for Banks

Fang (Stevens) Risk Management FE535

Risk Management Framework

Fang (Stevens) Risk Management FE535

Enterprise Risk Management
Specific risk types, such as credit, market, and operational risk align with regulatory capital requirements under Basel
III. Managing risk within individual categories helps firms measure, aggregate, and decide whether to retain or hedge
risks effectively. However, focusing solely on specific risks can overlook how different exposures interact across the
enterprise.

Enterprise Risk Management (ERM) addresses this by providing a holistic view of a firm's total risk exposure, allowing
for better strategic decision-making. ERM enhances traditional, silo-based risk management by integrating risk
oversight at the senior management level, ensuring consistency across the organization. This approach helps firms
identify their most significant threats and maintain a consistent risk culture and governance framework, preventing
inconsistencies in risk-taking decisions across business units.

Fang (Stevens) Risk Management FE535