The periodic table of risk elements
You know the periodic table of elements, even if you flunked your science courses! It is the large colorful and blocky table that hanged on every school’s classrooms before becoming yet another mobile app. The periodic table is one of the early and iconic achievements of science. It lists all the pure chemical elements found in nature, the building blocks of all possible material substances. Each block contains a set of numbers that unambiguously characterizes each element and a single or two letter abbreviation for each: H for Hydrogen, He for Helium and so forth, going on for over a hundred different elements. When the periodic table was discovered by Mendeleev (apparently in his dream!) it was an extraordinary realization that the physical world has an underlying order at the microscopic level. In his own words:
“I saw in a dream a table where all elements fell into place as required”
Many decades later scientists realized that the table is indeed a reflection that all of chemistry follows the laws of quantum mechanics, the laws that operate at the very smallest scale. Crucially, even before this second scientific breakthrough (which happened in the early 20st century) we could use the periodic table to predict new elements where none was known. And it worked. Searching for an empty spot on the table was a quick way to put your country’s name on a big discovery, for example, the Polonium (keep that element in mind)
Back to the real world of finance
Can we possibly dream of a periodic table of risk elements? Can we hope to make a neat classification of risk management phenomena, say within the narrower scope of the financial services industry, that could help with the understanding and developing the risk management discipline the way Mendeleev helped with chemistry? For example a tool to help us predict new risks where none was known before?
Well, we all know that financial risk management is more art than science (no offense art lovers), but could there possibly be some logic in the madness? After all the concept of a Risk Taxonomy and Risk Types is already used in various instances, even if more linked to regulatory frameworks rather than homegrown stuff. But, truth be told,
“you would not wake up with a dream of the current three risk silos (market, credit, operational risk) as the explanatory framework for all relevant manifestations of the risks facing a financial institution”
At least not unless you had a regulator’s dream. That is because these three risk categories were selected not because they form an integrated framework, but because regulators thought they are the minimal set of significant risks that need to be identified, quantified and capitalized. Since the crisis, regulators realized that this minimal set might not sufficient after all…
Completing the risk element table: the business engine
With the introduction of multi-period stress testing it became obvious that the overall business model of the firm needs to be abstracted for risk management purposes, something that was skillfully avoided in the past. In fact the – not so secret – aspiration before the crisis was the unification of risk management under a “Value-at-risk” approach that stresses the current balance sheet. While this approach has failed even where it should not have failed (namely in the market and credit risk space), the one area where it has experienced a fatal failure is operational risk. No amount of AMA simulation will hide the fact that operational risk is something that happens to the business engine, not the balance sheet.
The point to realise is that operational risk is a category abstracted by regulators by isolating a number of high impact risk events from a larger and somewhat fuzzy family of business risks. To understand better what business risk is we need to step back one more step.
“We need to see the financial firm as an engine of production build mostly out of people, computer chips, networks and software, busy building and distributing financial product to serve a diverse client base. Incidental in this activity is the production and modification of a more or less persistent balance sheet”
Pursuing the vain VaR grand unification, which applies only to a byproduct of financial services activity, has prevented meaningful risk management resources from focusing on understanding (and hopefully ultimately quantifying and helping manage) business and operational risks. The primacy of the business risk category over the balance sheet is shown by the fact that while you can have types of financial service provision with a tiny balance sheet (and hence also tiny balance sheet risks), you cannot have any business model (in a competitive market economy) without significant business risk.
We conclude that a key design feature of our risk element table must be addressing the duality of a business engine and the balance sheet being produced by that engine.
Completing the risk element table: Micro, Meso, Macro
We have some freedom on how to chose the other dimension of our periodic table. But imitating the scientific approach would almost certainly lead us to think in terms of scale/size and the degree of hierarchical aggregation. This dimension is relevant irrespective of whether we focus on the makeup of the firm’s clients (from individuals to countries), the components of the firm’s operations (from a specific transaction up to a business line), or the nature of underlying risk factors (idiosyncratic or systemic).
There you have it, with our second dimension now also decided we can try placing the risk elements in the table. Risks that are more micro in nature to the left, and risks that are more macro to the right. While economists talk incessantly about the micro/macro dichotomy, it might be useful to introduce also the intermediate category of “Meso” scale, which roughly matches sectoral level risks.
It all boils down to an app, the periodic table of risk elements! Check out the outcome here in our online app
Do tell us what you think!
P.S. How about that highly radioactive Polonium? Well, if you check our app you will see that Po stands as an abbreviation for “Political Risk”…