Model Control Life Cycle

Life Cycle

At the center of ERM is the implementation of the model control life cycle. There are four components:

  1. Analyze and determine the key risks to which an entity is exposed,
  2. Design and implement models to estimate the impact of the risks,
  3. Simulate and aggregate and allocate results to quantify the capital impact of the risks, and
  4. Evaluate, report, and determine the strengths and weaknesses of the models. Once these steps are complete, you return to step 1 to determine how to improve the models or how to add another risk to the existing set of models.

So, as you continue to pursue your career in enterprise risk management, you will find that multiple skills are required to implement and maintain the ERM model life cycle. The first is to have the ability to examine an entity such as a company, line of business or a country and determine various risks to which that entity is exposed. This risk assessment skill is central to step one above. Also, using risk assessments, you will determine which risks will be in or out of scope for that specific model cycle.

After determining which risks are in scope, the second skill you develop is the ability to design and implement the models to estimate the impact of these risks, which meets step two of the life cycle. The final skill emphasized in this blog is the ability to use the models to simulate and aggregate the results, which corresponds to step three.



Dependency continued

I agree with Carlos that reading what Paul Embrechts has been saying about dependence modeling over the last 20 years is extremely useful and enlightening.   A link to one of his papers with Filip Lindskog and Alexander McNeil is Modelling Dependence with Copulas and Applications to Risk Management. A great read and an excellence reference to consider when trying to set up your dependency models.

Random Dice
Dice Thought Experiment

Thought Experiment

In the next few paragraphs I’m going to describe a thought experiment that may give some insight on how to think of the use of copulas in dependency models or dependency in general.

Imagine that you have a set of dice that has multiple sides. Each die represents a single risk. Also, that die has as many faces as the possible number of outcomes of the risk it represents. Now say that you have a portfolio of risks and your set of dice corresponds to that portfolio.


If you throw your dice individually, then there will be little to no interaction between the separate risks and you could say that the results of the dice are independent from one another. If you throw them all at once, maybe from a dice cup, there will be a small interaction between the dice that touch. However, if you throw the dice hard enough you might be able to assume that each dice doesn’t affect the faces that turn up on the other dice, but they would be affected more by the environment where they land. If you throw them on a infinitely flat table, they would all be affected similarly. However, if the surface is irregular then where the dice land would be affected by the local “geography” of the surface.

Copula Dice
Dependent Dice


Now assume that you some way tie the dice to each other. Or perhaps you place the dice in a clear mesh bag. Now if you toss the bag and enumerate the separate dice faces, you now have a situation where the mesh bag effects the entire process. The results of the enumeration of the dice would then depend on the individual die, the relationship forced upon them by the mesh bag and also the environment of where the bag lands.


Realize too that the area of each die’s face doesn’t have to be the same for each face, so the die may be biased and may land on larger faces and this can affect the enumeration as well.

So now you can see where multiple ways that dependency can arise. It could arise from each separate die, the interaction between the separate dice, the constraints of the tossing of the dice and the environment that the dice land.

Materiality Dependency

If you are modeling risk dependency, you may want to model no dependency, all types of dependency combined, or separate types of dependency.  It is all relative to the materiality of the risks and their interaction.

Continue reading “Dependency continued”

Independence Dependence Correlation


It may be odd that we are going to talk about dependency between risks before we talk about individual risks, but this issue is so key to ERM modeling that it is best to discuss it out of order.

Some of the largest ERM failures is frequently where a complex interrelationship between multiple risks causes a company failure.   The Black Swan events that Taleb is famous for discussing arises from this complex interplay between the government, company management, human frailty and the market.

Unfortunate Events


The Lemony Snicket book “A Series of Unfortunate Events” has led to the frequently used media phrase of “a confluence of unfortunate events”.   Since 2008, we have seen these interactions and ERM modeling has become obsessed with how to model them correctly.

In my first blog, I discussed how different techniques are used to model ERM.  The first one that was used by casualty actuaries and the Credit Derivatives market is the use of copulas or correlation matrices to set up the dependence modeling between the separate risks.  However, the Great Recession has led to the deterministic modeling in ERM.  This was because the banks were required to use multiple deterministic scenarios within their models to give them insight of the impact of the intradependency of the various risks that their book of business was exposed.  Again, Sim Segal’s ERM book discusses this approach and all of the issues behind this.

In the older ERM modeling methods, where dependency is a model assumption such as the use of correlation matrices or copulas, or the dependency that is a natural result of using the same set of stochastic scenarios in all (or most) of the corporate models, be able to come to a deep understanding of how separate risk affect each other is much more difficult than using Sim’s Value Added modeling approach.

Portfolio Effect


However, realize before the meltdown, dependency modeling was actually considered a positive component to ERM because through that assumption, a company’s economic capital was lower.  The idea of a portfolio effect was a major selling point for a company to introduce ERM.  This is where managment were led to believe that the interaction between their risks would actually help offset each other and so they would need to hold less capital that may be required by a regulator or a rating agency.  It was (and still is) a very popular idea that lower capital requirements gives  your company greater flexibility in their decisions and makes them more competitive.  However, historically the company equity is in a sense the last line of self-insurance that a company has to be able to continue to exist in bad times or because of bad decisions.

Model Use (Post 3)

After a corporate model is constructed the practitioner uses the results in several ways. Some of these are:

  1. Gain insight on the business modeled.
  2. Determine risks to the company.
  3. Observe the scenarios that give adverse model results.
  4. Increase reserves, create hedges or make product enhancements to reduce the risk exposure or adverse results.

The internal company standards and the external regulatory controls require the practitioner to determine risk levels from corporate models. It is of paramount importance to understand the impact that different economic drivers, product designs or investment/disinvestment strategies have on the behavior of a corporate model. This includes the determination of when (and how often) model results from scenarios fall in ‘bad’ locations. This knowledge allows one to interpret the potential magnitude of the company’s risk exposure.  While adverse results occur relatively infrequently in scenario testing (unless alternative volatility assumptions are considered), the practitioner desires to gain more knowledge of these adverse results without paying the cost of projecting additional scenarios to increase the number of “hits” in the region of adverse results needed for statistical validity.

These adverse locations are discovered by first placing a valuation of economic capital on the company’s position, scenario by scenario. These valuations are then sorted and put in an increasing or decreasing order. From these ordered results, the location of the adverse results is found at either the highest or lowest valuations. The study and analysis of ordered or sorted samples is done using either order or extreme value statistics or the theory of records. Due to modeling cost, we have a need to approximate the relationship between the input economic scenarios and the EC output results without additional computer processing. Also, if one is able to target the location of adverse results when developing this relationship, all the better.

Through a model office or a corporate model and more-so our understanding arising from the use of those models strengthens our decision making. Frequently, we make reasoned decisions using a few deterministic scenarios instead of a full suite of stochastic scenarios, however, though we understand the underlying mechanics, we do not understand the likelihood of the impact of a risk unless we use a larger suite. As we use more scenarios, complexity increases and we may lose our understanding of the mechanics and we encounter the proverbial situation of not being able to see the forest because of all of the trees in view. But ignorance that arises from complexity is not always a bad thing. It forces the modeler or the business professional to broaden their skill set to gain deeper insight and this leads to further product improvements or at least an understanding of model limitations.

From the advance of technology there are new techniques from predictive analytics or data science that can be applied to these complex situations, and allow us draw understanding between the scenario input and the corporate results.


Model Use (Continued)

It is important to keep a clear perspective when using multiple economic scenarios in computer simulations. We can gain significant insight about the risk exposure from the economy using stochastic simulation. By examining multiple possibilities, we can protect ourselves as best as feasible. We realize that only one path actually emerges as in the recent economic meltdown. Therefore, the practitioner must continually evaluate the economy and make reasoned business decisions to maintain existing business and to acquire new business.

The risk appetite of company management must also govern these business decisions. Insolvency must be considered and avoided. However, the practitioner cannot remove all risk of insolvency, because the cost of the
associated hedges becomes so prohibitive that the company is unable to conduct business. Accordingly, the practitioner should understand where the product or business line places the company at risk and be able to communicate to upper management the specific risk exposure.

ERM practitioners, valuation actuaries, asset/liability management actuaries, CFOs and CROs of insurance companies confront issues that are vast and complex, including:

  1. Calculating the probability and/or impact of bankruptcy either by scenario testing or by determining the company’s value at risk.
  2. Determining the initial capital allocation for a new line of business.
  3. Assuring that reserves\index{Reserves} are adequate for new and existing lines of business.
  4. Understanding how different lines of business are sensitive to the level of interest rates\index{Interest Rates}, corporate spreads, volatility of other economic
    indicators (such as stock indices), and the changes in the levels of these variables.
  5. Estimating other risks to which the company is exposed in a timely fashion.
  6. Pricing complex policy features to obtain profitability, while maintaining a competitive market position.
  7. Aiding in the design and pricing of dynamic hedges to reduce the risk of extreme events.
  8. Designing and pricing the securitization of various cashflows to reduce risk based capital requirements and various types of reserves such as XXX or AXXX.
  9. Revising and designing investment strategies to improve the return on assets that back company liabilities.

All of the above issues require timely and accurate valuation of different complex corporate models. When conducting the analysis on models the practitioner goes through the following model life cycle:

  1. Collect relevant data.
  2. Make relevant assumptions.
  3. Construct the model.
  4. Validate the model for reasonableness.
  5. Apply the model to solve a problem or understand the impact of changing conditions.
  6. Revise the model.

Model Use – Strengths and Weaknesses

In industry, regulation and/or professional standards require us to conduct computer simulations on different lines of business to determine when the business performs poorly. We model our business as accurately as possible, allowing for interest and asset performance, changing prices and expense loads. In addition, we often make many other assumptions such as the term structure of interest rates, future interest rates, projected stock market returns, asset default probabilities, psychology, and the relationships of our decrements to the level of interest rates or the stock market. Computer simulations reveal the behavior of the business relative to these assumptions. We do not know the actual statistical distribution of our business model results. We assume that the computer simulation results are representative (within some degree of confidence) in certain areas of interest, such as the extreme tail. We need to determine if our models are valid (again within some degree of confidence). If valid, then we calculate either economic capital or stand-alone capital within the accuracy of these computer models. In addition, we want to observe the potential risks associated with either the enterprise, product or line of business.

Computer simulations of complex corporate models become very expensive in processing time as the number of scenarios increases. The need to obtain a timely answer often outweighs the need for information from additional scenarios.

Most computer business models are limited by the knowledge that we have about the basic assumptions used. We must be careful in how we think about and use these models. At a fundamental level, the models are neither correct nor assumed to be accurate. However, the benefit of using the computer to model actual business products and lines is that we can obtain an understanding of the different risks to which that product or line is exposed. Once we have this understanding, we can consider several methods to reduce the impact of any given risk. Such methods include product redesign, reserve strengthening, deferred expense write downs, asset hedging strategies, stopping rules (rules that recommend when to get out of a market), derivative positions, or over-capitalization.

Once we gain basic understanding of the risks and design, say, a hedging strategy, we must remember that these models are not accurate, due to oversimplification of the model, lack of knowledge and insight, lack of confidence in the assumptions, or incorrect computer code. We cannot trust the model output as the “truth,” but we can trust the knowledge and insight that we gain from the process of modeling. If done correctly we know both the strengths and weaknesses of the model. For instance, when constructing a hedge to protect against the risks demonstrated by the model, we must not implement a hedge that optimizes against areas of model weakness. Ultimately, the model does not tell us what to do, but the model does make us more informed to make better business decisions.

Motivation of ERM Models

In the first blog we discussed the four major methods that are used as the basis of ERM models.  However, other that my discussion around deterministic ERM modeling, I did not discuss why earlier ERM models were stochastic.  The stochastic models were developed to estimate an enterprise’s economic capital.  I will discuss capital modeling in a later post, but consider economic capital to be a measure of a company’s value based on the actual risks that a company is exposed to either by choice or by environment.

Financial institutions have several capital requirements placed upon them to insure their continued health and assuring their ability to meet their financial obligations.  Frequently, these requirements are placed upon them by external organizations such as regulators, rating agencies and stock analysts.  Fiscally responsible enterprises do manage their business using these external capital models, but at the same time there are uniquely positioned to understand their product and their risks, so the development of their own internal capital model would give them a much better understanding of their business.

ERM Modeling Recipes Blog

Enterprise Risk Management is a complex interaction between modeling risk and managing it. Today, I just want to discuss briefly the different styles of modeling risk.

The oldest and in some ways the most simplest to create is the stochastic model.  Here you determine the best statistical distribution that will simulate a specific risk.  As you develop these for each risk, these will be the marginals distributions that you use when you construct the multivariate distribution.  This multivariate distribution will be then used to simulate all of your risks and their interactions with each other.  Frequently, when you are aggregating your risks, you likely don’t know how the separate risks interact.  How these interact will become a major assumption in the construction of your model.

The second and more accurate modeling method is to develop stochastic scenarios, which are then used within all of your separate risk models.  The advantage of this is that the interactions between separate risks are completed determined from these scenarios.  However, the interaction assumption is now replaced by the design and creation of multiple scenarios that will task your separate risk models.  This approach, where it is more accurate regarding dependencies, immediately adds a complexity that may add days, weeks or months to the overall model design and even to the processing required to make capital estimates.

The third modeling methods is the use of proxy models.  Here, you may use scenario models to create a large set of cash flows and then you fit a model to those results such that the model can quickly process many scenarios.  Here you again have the interaction issue dealt with, but now you have a risk model of a risk model.

The fourth model is a deterministic model.  Here the need to determine economic capital is not considered.  For instance, economic capital modeling is the primary reason to use stochastic and stochastic scenario methods.  The use of deterministic scenarios to understand various risks within a company is mostly an outgrowth of the financial meltdown of the late 2000’s. Most banks had to demonstrate how their capital models were affected by various scenarios that were specified by regulatory agencies.    The deterministic approach gives a company an understanding of how their financial models are affected by various economic conditions.  Also, since the scenarios are either designed by regulators or by internal managers, the use of multiple scenarios at one time can demonstrate the interaction between these scenarios.  As has been observed over the past 10 years, frequently the Black Swan conditions arise when there is multiple interacting events that had never been anticipated.  Sim Segal’s book Corporate Value of Enterprise Risk Management: The Next Step in Business Management is an excellent source that outline how to manage using determinsitic scenarios.