- Last updated
- Save as PDF
- Page ID
- 24469
- Anonymous
- LibreTexts
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}}}\)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{#1}}} \)
\( \newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\)
( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\id}{\mathrm{id}}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\kernel}{\mathrm{null}\,}\)
\( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\)
\( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\)
\( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\AA}{\unicode[.8,0]{x212B}}\)
\( \newcommand{\vectorA}[1]{\vec{#1}} % arrow\)
\( \newcommand{\vectorAt}[1]{\vec{\text{#1}}} % arrow\)
\( \newcommand{\vectorB}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}}}\)
\( \newcommand{\vectorC}[1]{\textbf{#1}}\)
\( \newcommand{\vectorD}[1]{\overrightarrow{#1}}\)
\( \newcommand{\vectorDt}[1]{\overrightarrow{\text{#1}}}\)
\( \newcommand{\vectE}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{\mathbf {#1}}}} \)
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}}}\)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{#1}}} \)
Learning Objectives
- In this section, you will learn what a risk professional meansby exposure.
- You will also learn several different ways to split riskexposures according to the risk types involved (pure versusspeculative, systemic versus idiosyncratic, diversifiable versusnondiversifiable).
- You will learn how enterprise-wide risk approaches combine riskcategories.
Most risk professionals define risk in terms of an expecteddeviation of an occurrence from what they expect—also known asanticipated variability. In common Englishlanguage, many people continue to use the word “risk” as a noun todescribe the enterprise, property, person, or activity that will beexposed to losses. In contrast, most insurance industry contractsand education and training materials use the termexposure to describe the enterprise, property,person, or activity facing a potential loss. So a house built onthe coast near Galveston, Texas, is called an “exposure unit” forthe potentiality of loss due to a hurricane. Throughout this text,we will use the terms “exposure” and “risk” to note those unitsthat are exposed to losses.
Pure versus Speculative Risk Exposures
Some people say that Eskimos have a dozen or so words to name ordescribe snow. Likewise, professional people who study risk useseveral words to designate what others intuitively and popularlyknow as “risk.” Professionals note several different ideas forrisk, depending on the particular aspect of the “consequences ofuncertainty” that they wish to consider. Using differentterminology to describe different aspects of risk allows riskprofessionals to reduce any confusion that might arise as theydiscuss risks.
As we noted in Table 1.2, risk professionals often differentiatebetween pure risk that features some chance ofloss and no chance of gain (e.g., fire risk, flood risk, etc.) andthose they refer to as speculative risk. Speculativerisks feature a chance to either gain or lose (includinginvestment risk, reputational risk, strategic risk, etc.). Thisdistinction fits well into Figure 1.3.1. The right-hand sidefocuses on speculative risk. The left-hand side represents purerisk. Risk professionals find this distinction useful todifferentiate between types of risk.
Some risks can be transferred to a third party—like an insurancecompany. These third parties can provide a useful “risk managementsolution.” Some situations, on the other hand, require risktransfers that use capital markets, known as hedging orsecuritizations. Hedging refers to activities thatare taken to reduce or eliminate risks.Securitization is the packaging and transferringof insurance risks to the capital markets through the issuance of afinancial security. We explain such risk retention in "4: Evolving Risk Management - Fundamental Tools" and "5: The Evolution of Risk Management - Enterprise RiskManagement". Risk retention is when a firmretains its risk. In essence it is self-insuring against adversecontingencies out of its own cash flows. For example, firms mightprefer to capture up-side return potential at the same time thatthey mitigate while mitigating the downside loss potential.
In the business environment, when evaluating the expectedfinancial returns from the introduction of a new product (whichrepresents speculative risk), other issues concerning productliability must be considered. Product liabilityrefers to the possibility that a manufacturer may be liable forharm caused by use of its product, even if the manufacturer wasreasonable in producing it.
Table 1.2 provides examples of the pure versus speculative risksdichotomy as a way to cross classify risks. The examples providedin Table 1.2 are not always a perfect fit into the pure versusspeculative risk dichotomy since each exposure might be regarded inalternative ways. Operational risks, for example, can be regardedas operations that can cause only loss or operations that canprovide also gain. However, if it is more specifically defined, therisks can be more clearly categorized.
The simultaneous consideration of pure and speculative riskswithin the objectives continuum of Figure 1.3.1 is an approach tomanaging risk, which is known as enterprise risk management(ERM). ERM is one of today’s key risk managementapproaches. It considers all risks simultaneously and manages riskin a holistic or enterprise-wide (and risk-wide) context. ERM waslisted by the Harvard Business Review as one of the keybreakthrough areas in their 2004 evaluation of strategic managementapproaches by top management.L. Buchanan, “Breakthrough Ideas for2004,” Harvard Business Review 2 (2004): 13–16. In today’senvironment, identifying, evaluating, and mitigating all risksconfronted by the entity is a key focus. Firms that are evaluatedby credit rating organizations such as Moody’s or Standard &Poor’s are required to show their activities in the areas ofenterprise risk management. As you will see in later chapters, therisk manager in businesses is no longer buried in the tranches ofthe enterprise. Risk managers are part of the executive team andare essential to achieving the main objectives of the enterprise. Apicture of the enterprise risk map of life insurers is shown laterin Figure \(\PageIndex{1}\).
| Pure Risk—Loss or No Loss Only | Speculative Risk—Possible Gains or Losses |
|---|---|
| Physical damage riskto property (at the enterprise level) such as caused by fire,flood, weather damage | Marketrisks: interest risk, foreign exchange risk, stock market risk |
| Liability riskexposure (such as products liability, premise liability, employmentpractice liability) | Reputational risk |
| Innovational ortechnical obsolescence risk | Brandrisk |
| Operational risk:mistakes in process or procedure that cause losses | Credit risk(at the individual enterprise level) |
| Mortality andmorbidity risk at the individual level | Productsuccess risk |
| Intellectual propertyviolation risks | Publicrelation risk |
| Environmental risks:water, air, hazardous-chemical, and other pollution; depletion ofresources; irreversible destruction of food chains | Populationchanges |
| Natural disasterdamage: floods, earthquakes, windstorms | Market forthe product risk |
| Man-made destructiverisks: nuclear risks, wars, unemployment, population changes,political risks | Regulatorychange risk |
| Mortality andmorbidity risk at the societal and global level (as in pandemics,social security program exposure, nationalize health care systems,etc.) | Politicalrisk |
| Accountingrisk | |
| Longevityrisk at the societal level | |
| Genetictesting and genetic engineering risk | |
| Investmentrisk | |
| Researchand development risk |
Within the class of pure risk exposures, it is common to furtherexplore risks by use of the dichotomy of personal property versusliability exposure risk.
Personal Loss Exposures—Personal Pure Risk
Because the financial consequences of all risk exposures areultimately borne by people (as individuals, stakeholders incorporations, or as taxpayers), it could be said that all exposuresare personal. Some risks, however, have a more direct impact onpeople’s individual lives. Exposure to premature death, sickness,disability, unemployment, and dependent old age are examples ofpersonal loss exposures when considered at the individual/personallevel. An organization may also experience loss from these eventswhen such events affect employees. For example, social supportprograms and employer-sponsored health or pension plan costs can beaffected by natural or man-made changes. The categorization isoften a matter of perspective. These events may be catastrophic oraccidental.
Property Loss Exposures—Property Pure Risk
Property owners face the possibility of both direct and indirect(consequential) losses. If a car is damaged in a collision, thedirect loss is the cost of repairs. If a firm experiences a fire inthe warehouse, the direct cost is the cost of rebuilding andreplacing inventory. Consequential or indirectlosses are nonphysical losses such as loss of business.For example, a firm losing its clients because of street closurewould be a consequential loss. Such losses include the time andeffort required to arrange for repairs, the loss of use of the caror warehouse while repairs are being made, and the additional costof replacement facilities or lost productivity. Propertyloss exposures are associated with both real property suchas buildings and personal property such as automobiles and thecontents of a building. A property is exposed to losses because ofaccidents or catastrophes such as floods or hurricanes.
Liability Loss Exposures—Liability Pure Risk
The legal system is designed to mitigate risks and is notintended to create new risks. However, it has the power oftransferring the risk from your shoulders to mine. Under most legalsystems, a party can be held responsible for the financialconsequences of causing damage to others. One is exposed to thepossibility of liability loss (loss caused by athird party who is considered at fault) by having to defend againsta lawsuit when he or she has in some way hurt other people. Theresponsible party may become legally obligated to pay for injury topersons or damage to property. Liability risk may occur because ofcatastrophic loss exposure or because of accidental loss exposure.Product liability is an illustrative example: a firm is responsiblefor compensating persons injured by supplying a defective product,which causes damage to an individual or another firm.
Catastrophic Loss Exposure and Fundamental or Systemic PureRisk
Catastrophic risk is a concentration of strong, positivelycorrelated risk exposures, such as many homes in the same location.A loss that is catastrophic and includes a large number ofexposures in a single location is considered a nonaccidental risk.All homes in the path will be damaged or destroyed when a floodoccurs. As such the flood impacts a large number of exposures, andas such, all these exposures are subject to what is called afundamental risk. Generally these types of risksare too pervasive to be undertaken by insurers and affect the wholeeconomy as opposed to accidental risk for an individual. Too manypeople or properties may be hurt or damaged in one location at once(and the insurer needs to worry about its own solvency). Hurricanesin Florida and the southern and eastern shores of the UnitedStates, floods in the Midwestern states, earthquakes in the westernstates, and terrorism attacks are the types of loss exposures thatare associated with fundamental risk. Fundamental risks aregenerally systemic and nondiversifiable.
Accidental Loss Exposure and Particular Pure Risk
Many pure risks arise due to accidental causes of loss, not dueto man-made or intentional ones (such as making a bad investment).As opposed to fundamental losses, noncatastrophic accidentallosses, such as those caused by fires, are considered particularrisks. Often, when the potential losses are reasonably bounded, arisk-transfer mechanism, such as insurance, can be used to handlethe financial consequences.
In summary, exposures are units that are exposed to possiblelosses. They can be people, businesses, properties, and nationsthat are at risk of experiencing losses. The term “exposures” isused to include all units subject to some potential loss.
Another possible categorization of exposures is as follows:
- Risks of nature
- Risks related to human nature (theft, burglary, embezzlement,fraud)
- Man-made risks
- Risks associated with data and knowledge
- Risks associated with the legal system (liability)—it does notcreate the risks but it may shift them to your arena
- Risks related to large systems: governments, armies, largebusiness organizations, political groups
- Intellectual property
Pure and speculative risks are not the only way one mightdichotomize risks. Another breakdown is between catastrophic risks,such as flood and hurricanes, as opposed to accidental losses suchas those caused by accidents such as fires. Another differentiationis by systemic or nondiversifiable risks, as opposed toidiosyncratic or diversifiable risks; this is explained below.
Diversifiable and Nondiversifiable Risks
As noted above, another important dichotomy risk professionalsuse is between diversifiable and nondiversifiable risk.Diversifiable risks are those that can have theiradverse consequences mitigated simply by having a well-diversifiedportfolio of risk exposures. For example, having some factorieslocated in nonearthquake areas or hotels placed in numerouslocations in the United States diversifies the risk. If oneproperty is damaged, the others are not subject to the samegeographical phenomenon causing the risks. A large number ofrelatively hom*ogeneous independent exposure units pooled togetherin a portfolio can make the average, or per exposure, unit lossmuch more predictable, and since these exposure units areindependent of each other, the per-unit consequences of the riskcan then be significantly reduced, sometimes to the point of beingignorable. These will be further explored in a later chapter aboutthe tools to mitigate risks. Diversification is the core of themodern portfolio theory in finance and in insurance. Risks, whichare idiosyncratic (with particular characteristicsthat are not shared by all) in nature, are often viewed as beingamenable to having their financial consequences reduced oreliminated by holding a well-diversified portfolio.
Systemic risks that are shared by all, on the other hand, suchas global warming, or movements of the entire economy such as thatprecipitated by the credit crisis of fall 2008, are considerednondiversifiable. Every asset or exposure in the portfolio isaffected. The negative effect does not go away by having moreelements in the portfolio. This will be discussed in detail belowand in later chapters. The field of risk management deals with bothdiversifiable and nondiversifiable risks. As the events ofSeptember 2008 have shown, contrary to some interpretations offinancial theory, the idiosyncratic risks of some banks could notalways be diversified away. These risks have shown they have theability to come back to bite (and poison) the entire enterprise andothers associated with them.
Table 1.3 provides examples of risk exposures by the categoriesof diversifiable and nondiversifiable risk exposures. Many of themare self explanatory, but the most important distinction is whetherthe risk is unique or idiosyncratic to a firm or not. For example,the reputation of a firm is unique to the firm. Destroying one’sreputation is not a systemic risk in the economy or themarket-place. On the other hand, market risk, such as devaluationof the dollar is systemic risk for all firms in the export orimport businesses. In Table 1.3 we provide examples of risks bythese categories. The examples are not complete and the student isinvited to add as many examples as desired.
| Diversifiable Risk—Idiosyncratic Risk | Nondiversifiable Risks—Systemic Risk |
|---|---|
| • Reputationalrisk | • Marketrisk |
| • Brandrisk | • Regulatoryrisk |
| • Credit risk(at the individual enterprise level) | • Environmentalrisk |
| • Productrisk | • Politicalrisk |
| • Legalrisk | • Inflation andrecession risk |
| • Physicaldamage risk (at the enterprise level) such as fire, flood, weatherdamage | • Accountingrisk |
| • Liabilityrisk (products liability, premise liability, employment practiceliability) | • Longevity riskat the societal level |
| • Innovationalor technical obsolesce risk | • Mortality andmorbidity risk at the societal and global level (pandemics, socialsecurity program exposure, nationalize health care systems,etc.) |
| • Operationalrisk | |
| • Strategicrisk | |
| • Longevityrisk at the individual level | |
| • Mortality andmorbidity risk at the individual level |
Enterprise Risks
As discussed above, the opportunities in the risks and the fearof losses encompass the holistic risk or the enterprise risk of anentity. The following is an example of the enterprise risks of lifeinsurers in a map in Figure \(\PageIndex{2}\).Etti G. Baranoff andThomas W. Sager, “Integrated Risk Management in Life InsuranceCompanies,” an award winning paper, International InsuranceSociety Seminar, Chicago, July 2006 and in Special Edition ofthe Geneva Papers on Risk and Insurance.
Since enterprise risk management is a key current concept today,the enterprise risk map of life insurers is offered here as anexample. Operational risks include public relations risks,environmental risks, and several others not detailed in the map inFigure 1.4.1. Because operational risks are so important, theyusually include a long list of risks from employment risks to theoperations of hardware and software for information systems.
Risks in the Limelight
Our great successes in innovation are also at the heart of thegreatest risks of our lives. An ongoing concern is the electronicrisk (e-risk) generated by the extensive use of computers,e-commerce, and the Internet. These risks are extensive and theexposures are becoming more defined. The box below illustrates thenewness and not-so-newness in our risks.
The Risks of E-exposures
Electronic risk, or e-risk, comes in many forms. Like anyproperty, computers are vulnerable to theft and employee damage(accidental or malicious). Certain components are susceptible toharm from magnetic or electrical disturbance or extremes oftemperature and humidity. More important than replaceable hardwareor software is the data they store; theft of proprietaryinformation costs companies billions of dollars. Most data theft isperpetrated by employees, but “netspionage”—electronic espionage byrival companies—is on the rise.
Companies that use the Internet commercially—who create and postcontent or sell services or merchandise—must follow the laws andregulations that traditional businesses do and are exposed to thesame risks. An online newsletter or e-zine can be sued for libel,defamation, invasion of privacy, or misappropriation (e.g.,reproducing a photograph without permission) under the same lawsthat apply to a print newspaper. Web site owners and companiesconducting business over the Internet have three major exposures toprotect: intellectual property (copyrights, patents, tradesecrets); security (against viruses and hackers); and businesscontinuity (in case of system crashes).
All of these losses are covered by insurance, right? Wrong. Somecoverage is provided through commercial property and liabilitypolicies, but traditional insurance policies were not designed toinclude e-risks. In fact, standard policies specifically excludedigital risks (or provide minimal coverage). Commercial propertypolicies cover physical damage to tangible assets—andcomputer data, software, programs, and networks are generally notcounted as tangible property. (U.S. courts are still debating theissue.)
This coverage gap can be bridged either by buying a rider orsupplemental coverage to the traditional policies or by purchasingspecial e-risk or e-commerce coverage. E-risk property policiescover damages to the insured’s computer system or Web site,including lost income because of a computer crash. An increasingnumber of insurers are offering e-commerce liability policies thatoffer protection in case the insured is sued for spreading acomputer virus, infringing on property or intellectual rights,invading privacy, and so forth.
Cybercrime is just one of the e-risk-related challenges facingtoday’s risk managers. They are preparing for it as the worldevolves faster around cyberspace, evidenced by record-breakingonline sales during the 2005 Christmas season.
Sources: Harry Croydon, “Making Sense ofCyber-Exposures,” National Underwriter, Property &Casualty/Risk & Benefits Management Edition, 17 June 2002;Joanne Wojcik, “Insurers Cut E-Risks from Policies,” BusinessInsurance, 10 September 2001; Various media resources at theend of 2005 such as Wall Street Journal and localnewspapers.
Today, there is no media that is not discussing the risks thatbrought us to the calamity we are enduring during our currentfinancial crisis. Thus, as opposed to the megacatastrophes of 2001and 2005, our concentration is on the failure of risk management inthe area of speculative risks or the opportunity in risks and notas much on the pure risk. A case at point is the little mediacoverage of the devastation of Galveston Island from Hurricane Ikeduring the financial crisis of September 2008. The following boxdescribes the risks of the first decade of the new millennium.
Risks in the New Millennium
While man-made and natural disasters are the stamps of thisdecade, another type of man-made disaster marks thisperiod.Reprinted with permission from the author; Etti G. Baranoff,“Risk Management and Insurance During the Decade of September 11,”in The Day that Changed Everything? An Interdisciplinary Seriesof Edited Volumes on the Impact of 9/11, vol. 2. Innovativefinancial products without appropriate underwriting and riskmanagement coupled with greed and lack of corporate controlsbrought us to the credit crisis of 2007 and 2008 and the deepestrecession in a generation. The capital market has become animportant player in the area of risk management with creative newfinancial instruments, such as Catastrophe Bonds and securitizedinstruments. However, the creativity and innovation also introducednew risky instruments, such as credit default swaps andmortgage-backed securities. Lack of careful underwriting ofmortgages coupled with lack of understanding of the new creative“insurance” default swaps instruments and the resulting instabilityof the two largest remaining bond insurers are at the heart of thecurrent credit crisis.
As such, within only one decade we see the escalation in newrisk exposures at an accelerated rate. This decade can be named“the decade of extreme risks with inadequate riskmanagement.” The late 1990s saw extreme risks with the stockmarket bubble without concrete financial theory. This was followedby the worst terrorist attack in a magnitude not experienced beforeon U.S. soil. The corporate corruption at extreme levels incorporations such as Enron just deepened the sense of extremerisks. The natural disasters of Katrina, Rita, and Wilma added tothe extreme risks and were exacerbated by extraordinarymismanagement. Today, the extreme risks of mismanaged innovationsin the financial markets combined with greed are stretching thefield of risk management to new levels of governmental and privatecontrols.
However, did the myopic concentration on terrorism risk derailthe holistic view of risk management and preparedness? Theaftermath of Katrina is a testimonial to the lack of riskmanagement. The increase of awareness and usage of enterprise riskmanagement (ERM) post–September 11 failed to encompass the alreadywell-known risks of high-category hurricanes on the sustainabilityof New Orleans levies. The newly created holistic Homeland Securityagency, which houses FEMA, not only did not initiate steps to avoidthe disaster, it also did not take the appropriate steps to reducethe suffering of those afflicted once the risk materialized. Thisoutcome also points to the importance of having a committedstakeholder who is vested in the outcome and cares to lower andmitigate the risk. Since the insurance industry did not own therisk of flood, there was a gap in the risk management. The focus onterrorism risk could be regarded as a contributing factor to theneglect of the natural disasters risk in New Orleans. The groundwas fertile for mishandling the extreme hurricane catastrophes.Therefore, from such a viewpoint, it can be argued that September11 derailed our comprehensive national risk management andcontributed indirectly to the worsening of the effects of HurricaneKatrina.
Furthermore, in an era of financial technology and creation ofinnovative modeling for predicting the most infrequentcatastrophes, the innovation and growth in human capacity is at theroot of the current credit crisis. While the innovation allowsfirms such as Risk Management Solutions (RMS) and AIR Worldwide toprovide modelshttp://www.rms.com,www.iso.com/index.php?option=com_content&task=view&id=932&Itemid=587, andwww.iso.com/index.php?option=com_content&task=view&id=930&Itemid=585. thatpredict potential man-made and natural catastrophes, financialtechnology also advanced the creation of financial instruments,such as credit default derivatives and mortgage-backed securities.The creation of the products provided “black boxes” understood byfew and without appropriate risk management. Engineers,mathematicians, and quantitatively talented people moved from thelow-paying jobs in their respective fields into Wall Street. Theyused their skills to create models and new products but lacked thebusiness acumen and the required safety net understanding to ensureproduct sustenance. Management of large financial institutionsglobally enjoyed the new creativity and endorsed the adoption ofthe new products without clear understanding of their potentialimpact or just because of greed. This lack of risk management is atthe heart of the credit crisis of 2008. No wonder the credit ratingorganizations are now adding ERM scores to their ratings ofcompanies.
The following quote is a key to today’s risk managementdiscipline: “Risk management has been a significant part of theinsurance industry…, but in recent times it has developed a widercurrency as an emerging management philosophy across the globe….The challenge facing the risk management practitioner of thetwenty-first century is not just breaking free of the mantra thatrisk management is all about insurance, and if we have insurance,then we have managed our risks, but rather being accepted as aprovider of advice and service to the risk makers and the risktakers at all levels within the enterprise. It is the risk makersand the risk takers who must be the owners of risk and accountablefor its effective management.”Laurent Condamin, Jean-Paul Louisot,and Patrick Maim, “Risk Quantification: Management, Diagnosis andHedging” (Chichester, UK: John Wiley & Sons Ltd., 2006).
Key Takeaways
- You should be able to delineate the main categories of risks:pure versus speculative, diversifiable versus nondiversifiable,idiosyncratic versus systemic.
- You should also understand the general concept ofenterprise-wide risk.
- Try to illustrate each cross classification of risk withexamples.
- Can you discuss the risks of our decade?
Discussion Questions
- Name the main categories of risks.
- Provide examples of risk categories.
- How would you classify the risks embedded in the financialcrisis of fall 2008 within each of cross-classification?
- How does e-risk fit into the categories of risk?
