In finance and our previous post, we often talk about risk management, when it is understood that we are talking about financial risk management. Risk managers are found in a number of fields outside of finance, including engineering, manufacturing, and medicine.
When civil engineers are designing a levee to hold back floodwaters, their risk analysis will likely include a forecast of the distribution of peak water levels. An engineer will often describe the probability that water levels will exceed the height of the levee in terms similar to those used by financial risk managers to describe the probability that losses in a portfolio will exceed a certain threshold.
In manufacturing, engineers will use risk management to assess the frequency of manufacturing defects. Motorola popularized the term Six Sigma to describe its goal to establish a manufacturing process where manufacturing defects were kept below 3.4 defects per million. (Confusingly the goal corresponds to 4.5 standard deviations for a normal distribution, not 6 standard deviations, but that’s another story.)
Similarly, financial risk managers will talk about big market moves as being three-sigma events or six-sigma events. Other areas of risk management can be valuable sources of techniques and terminology for financial risk management.
Within this broader field of risk management, though, how do we determine what is and is not financial risk management? One approach would be to define risk in terms of organizations, to say that financial risk management concerns itself with the risk of financial firms.
By this definition, assessing the risks faced by Goldman Sachs or a hedge fund is financial risk management. Whereas assessing the risks managed by the Army Corps of Engineers or NASA is not. A clear advantage of this approach is that it saves us from having to create a long list of activities that are the proper focus of financial risk management.
The assignment is unambiguous. If a task is being performed by a financial firm, it is within the scope of financial risk management. This definition is future proof as well. If HSBC, one of the world’s largest financial institutions, starts a new business line tomorrow, we do not have to ask ourselves if this new business line falls under the purview of financial risk management. Because HSBC is a financial firm, any risk associated with the new business line would be considered financial risk.
However, this approach is clearly too narrow, in that it excludes financial risks taken by nonfinancial firms. For example, auto manufacturers that provide financing for car buyers, large restaurant chains that hedge food prices with commodity futures and municipalities that issue bonds to finance infrastructure projects all face financial risk.
This approach may also be too broad, in that it also includes risks to financial firms that have little to do with finance. For instance, most financial firms rely on large, complex computer systems. Should a financial risk manager try to assess the probability of network crashes, or the relative risk of two database platforms?
The distribution of losses due to fires at bank branches? The risk of lawsuits arising from a new retail investment product? Lawsuits due to a new human resources policy? While a degree in finance might seem unlikely to prepare one to deal with these types of risk, in practice, the chief risk officer at a large financial firm often has a mandate which encompasses all types of risk. Similarly, regulators are concerned with risk to the financial system caused by financial firms, no matter where that risk comes from.
Because of this, many would define financial risk management to include all aspects of financial firms and the financial activities of nonfinancial firms. In recent years, the role of many financial risk professionals has expanded. Many welcome this increased responsibility, while others see it as potentially dangerous mission creep. If the financial risk is defined too broadly, risk managers may take responsibility for risks for which they have little or no expertise.
Another simple way to define financial risk management would be in terms of financial instruments. Defined this way, any risk arising from the use of financial instruments is within the scope of financial risk management.
By this definition, the financial risk arising from the use of an interest rate swap is within the scope of financial risk management. Whether the two parties involved are financial institutions or not. This is the definition preferred by many practitioners. Readers should be aware of both possibilities: that financial risk management can be defined in terms of financial firms or financial instruments.