In 2005 and 2006, I worked with a security software startup. The company had a superb technological approach that passively monitored Web application traffic, compared user activity from the most recent session with historical activity, and alerted security personnel to anomalies in user behavior that indicated fraudulent access. My initial goal was to focus the company’s marketing, which had been highly diffused, on the most promising market.
My timing was fortunate, in that several high profile security breaches had led the Federal Financial Institutions Examination Council (FFEIC) to recently issue an update to its guidelines on online customer authentication by financial institutions. This was the external driver that we used to focus our technical solution on a value proposition (fraud detection and regulatory compliance) for a specific application (online banking) in a highly regulated market (financial services).
Researching regulatory requirements for financial institutions was my first real exposure to risk assessment and management. It led me to the Basel Accords, specifically Basel II, which created an international banking standard that would guard against various types of financial and operational risks and protect the international financial system from the types of problems that might arise should a major bank or a series of banks collapse. Little did I realize, at the time, that the types of risk management practiced by global financial institutions would be tested very soon, and would be found sorely inadequate.
Since 2006, I’ve read several books about risk, in general, and, specifically, how the theoretical basis of financial risk management was circumvented, adulterated, and simply ignored by major financial institutions leading up to the global financial crisis that started to show its effects in 2007 and continues through today. This is the first in a series of posts that will review the books, and discuss the lessons I learned from each.
Against the Gods: The Remarkable Story of Risk
Any serious study of risk should start with this book. As the video interview with the author, Peter L. Bernstein, notes, he was an “economist, historian, and strategist.” All of these attributes are on display in this most interesting and entertaining historical survey of risk management, beginning with the invention of numbers and the writing of Liber Abaci, or Book of the Abacus, in 1202 AD by 27-year-old Leonardo Pisano, better known as Fibonacci.
The foundation of risk management is probability, or how likely or unlikely it is that a certain outcome will occur. From 1200 to 1700, many of the advancements in the science of probability were driven by men who shared two traits: a deep understanding of mathematics and a strong affinity for games of chance. In several cases, the latter trait manifested itself, quite clearly, as a gambling addiction.
But probability is only one of two indispensible (but, unfortunately, not inseparable) factors in risk management. The other is the consequence of the various outcomes, especially highly unlikely outcomes. For example, placing a $1 bet on a game of Russian Roulette, where your own head is the target, with a single bullet in a 100-chamber revolver for $100,000 has a 99% chance of success and only a 1% chance of failure (100000:1 return with a 99:1 probability of success). However, the consequence of failure—most likely death or severe brain damage—is sufficient to dissuade most people from accepting such compelling odds.
The book proceeds from 1700 to 1950 by tracing intersecting advances that contributed to a better understanding of risk from numerous disciplines including philosophy, logic, heredity, economics, statistics, chaos theory, game theory, and linear programming. Collectively, the various studies contributed to the following general understanding of risk management.
The essence of risk management lies in maximizing the areas where we have some control over the outcome while minimizing the areas where we have absolutely no control over the outcome and the linkage between effect and cause is hidden from us.
Surprisingly, at least to me, the field of investment risk management did not really start until June 1952 with the publication of a 14-page article in the Journal of Finance titled “Portfolio Selection.” Harry Markowitz, an unknown 25-year-old graduate student at the University of Chicago, authored the paper. His objective was to factor risk into the construction of a portfolio for investors who “consider expected return a desirable thing and variance of return an undesirable thing.” This led to Markowitz’s key insight of the strategic role of diversification in investment portfolio risk management.
The subject of the penultimate chapter titled “The Fantastic System of Side Bets,” is derivatives—the most sophisticated of financial instruments, the most intricate, the most arcane, and the most risky. To quote from the book, “This fantastic system of side bets is not based on old-fashioned human hunches but on calculations designed and monitored by computer wizards using abstruse mathematical formulas…developed by so-called quants, short for quantitative analysts.”
And this is the subject of the next book.
Comments