What is risk?
What is Risk?
Risk is the possibility of experiencing harm or loss.
People take risks for a good reason: To profit, to change their lives, to try another approach that is more promising. They take risks in the hope of a favorable outcome.
Sometimes risks have to do with exposure to changes. A change is always a risk. This is the reason we always authorize, test and document changes.
In non-technical contexts, the word risk refers, often rather vaguely, to situations in which it is possible but not certain that some undesirable event will occur.
In technical contexts, the word has several more specialized uses and meanings. Five of these are particularly important since they are widely used across disciplines:
1. Risk is an unwanted event which may or may not occur.
An example of this usage is: "Lung cancer is one of the major risks that affect smokers."
2. Risk is the cause of an unwanted event which may or may not occur.
An example of this usage is: "Smoking is by far the most important health risk in industrialized countries." (The unwanted event implicitly referred to here is a disease caused by smoking.)
3. Risk is the probability of an unwanted event which may or may not occur.
This usage is exemplified by the following statement: "The risk that a smoker's life is shortened by a smoking-related disease is about 50%."
4. Risk is the statistical expectation value of an unwanted event which may or may not occur.
The expectation value of a possible negative event is the product of its probability and some measure of its severity. It is common to use the number of killed persons as a measure of the severity of an accident. With this measure of severity, the risk associated with a potential accident is equal to the statistically expected number of deaths. Other measures of severity give rise to other measures of risk.
Although expectation values have been calculated since the 17th century, the use of the term "risk" in this sense is relatively new. Today it is the standard technical meaning of the term "risk" in many disciplines. It is regarded by some risk analysts as the only correct usage of the term.
5. Risk is the fact that a decision is made under conditions of known probabilities ("decision under risk" as opposed to "decision under uncertainty").
In a corporate or in a military environment, risk is a measure of future uncertainties in achieving performance goals and objectives within defined cost, schedule and performance constraints.
Risk can be associated with all aspects of a program (e.g., threat, technology maturity, supplier capability, design maturation, performance against plan).
Risk addresses the potential variation in the planned approach and its expected outcome. Such variation could include positive as well as negative effects.
There are many different types of risks.
All investments, for example, involve some degree of risk. In finance, risk refers to the degree of uncertainty and/or potential financial loss inherent in an investment decision.
In general, as investment risks rise, investors seek higher returns to compensate themselves for taking such risks. With a stock, you are purchasing a piece of ownership in a company. With a bond, you are loaning money to a company. Returns from both of these investments require that that the company stays in business. If a company goes bankrupt and its assets are liquidated, common stockholders are the last in line to share in the proceeds. If there are assets, the company's bondholders will be paid first, then holders of preferred stock. If you are a common stockholder, you get whatever is left, which may be nothing.
Credit risk. According to the Basel III framework, credit risk is defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. The goal of credit risk management is to maximise a bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions.
To learn more about Credit Risk you may visit: https://www.risk-officer.com/Credit_Risk.htm
Market risk. It arises from changes in market rates or prices (i.e. interest rates, foreign exchange rates, equity, commodity and property prices) or from inaccuracies in accounting for these risks.
According to the Basel III framework, market risk is defined as the risk of losses in on and off-balance-sheet positions arising from movements in market prices. The risks subject to this requirement are:
(1) The risks pertaining to interest rate related instruments and equities in the trading book;
(2) Foreign exchange risk and commodities risk throughout the bank.
To learn more about Market Risk you may visit: https://www.risk-officer.com/Market_Risk.htm
Operational risk. It arises from breakdowns or deficiencies in internal processes, technology failures, human errors, fraud and natural disasters.
According to the Basel III framework, operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.
Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.
To learn more about Operational Risk you may visit: https://www.risk-officer.com/Operational_Risk.htm
Compliance risk. It is the risk resulting from the failure to comply with laws (legislation, regulations and rules) and regulatory guidance, and the failure to appropriately address associated impact, including to customers. Compliance risk encompasses violations of applicable internal policies, program requirements, procedures, and standards.
To learn more about Compliance Risk you may visit: https://www.chief-compliance-officer.org/Compliance_Risk.html
Cyber Risk. It is the risk of loss from dependence on computer systems and digital technologies. It includes financial loss, operational disruption, or damage, from the failure of the digital technologies employed for informational and/or operational functions from the unauthorized access, use, disclosure, disruption, modification, or destruction of systems.
To learn more about Cyber Risk you may visit: https://www.risk-officer.com/Cyber_Risk.htm
Systemic risk. It is the risk of experiencing events or conditions that affect a number of systemically important intermediaries or markets (including potentially related infrastructures).
Systemic financial risk is the risk that an event will trigger a loss of economic value or confidence in a substantial portion of an industry, that has significant adverse effects on the real economy.
Systemic risk events can be sudden and unexpected, or the likelihood of their occurrence can build up through time in the absence of appropriate policy responses.
To learn more about Systemic Risk you may visit: https://www.risk-officer.com/Systemic_Risk.htm
Political risk. It is the risk that business could suffer because of instability or political changes in a country, conflicts, unrest, changes in regimes or governments, changes in relations between countries, and changes in a country's policies, business laws or investment regulations.
To learn more about Political Risk you may visit: https://www.risk-officer.com/Political_Risk.htm
Strategic risk. It is the risk to earnings, capital, or liquidity arising from adverse business decisions, improper implementation of strategic initiatives, or inadequate responses to changes in the external operating environment.
To learn more about Strategic Risk you may visit: https://www.risk-officer.com/Strategic_Risk.htm
Conduct Risk. The impact of poor business conduct has attracted more attention in recent years from regulators, supervisors, customers and all stakeholders. Fair customer treatment and the poor conduct of business affect individual customers and sectors as a whole, as they even give rise to systemic risks.
Significant market conduct failures can materially affect the confidence in particular products or sectors as whole. Risk management frameworks often focus on internal controls and financial soundness risks to the entity itself, and there is less emphasis on risks posed to the customers. Where firms and organizations do not embed a culture of fair treatment of customers within their governance frameworks and business processes, there is a high risk of poor customer outcomes that leads to reputation risk too.
To learn more about Conduct Risk you may visit: https://www.risk-officer.com/Conduct_Risk.htm
Reputation risk. It is the risk arising from the potential that negative stakeholder opinion or negative publicity regarding business practices, whether true or not, will adversely impact current or projected financial conditions and resilience, cause a decline in the customer base, or result in costly litigation. Stakeholders include employees, customers, communities, shareholders, regulators, elected officials, advocacy groups, and media organizations.
To learn more about Reputation Risk you may visit: https://www.risk-officer.com/Reputation_Risk.htm
Liquidity risk. In the ordinary course of business, firms enter into contractual obligations that may require future cash payments, including funding for customer loan requests, customer deposit maturities and withdrawals, debt service, leases for premises and equipment, and other cash commitments. The objective of effective liquidity management is to ensure that firms can meet their contractual obligations and other cash commitments efficiently under both normal operating conditions and under periods of market stress. To help achieve this objective, Boards must establish liquidity guidelines that require sufficient asset-based liquidity to cover potential funding requirements, and to avoid over-dependence on volatile, less reliable funding markets.
To learn more about Liquidity Risk you may visit: https://www.risk-officer.com/Liquidity_Risk.htm
Climate risk. Climate change is affecting every country on every continent, and it is disrupting national economies and business. Weather patterns are changing, sea levels are rising, and weather events are becoming more extreme.
Firms and organizations around the world understand the ways the changing climate might affect their business, and build a comprehensive climate risk management framework that combines strategies and measures aimed at reducing climate risks and addressing the increasing impacts of climate change.
To learn more about Climate Risk you may visit: https://www.risk-officer.com/Climate_Risk.htm
Emerging risks. These are new risks that may challenge us in the future. These risks have the potential to crystallise at some point in the future, but are unlikely to impact our business during the next year.
The outcome of such risks is often more uncertain. They may begin to evolve rapidly or simply not materialise. Firms must monitor their business activities and external and internal environments for new, emerging and changing risks to ensure these are managed appropriately.
To learn more about Emerging Risk you may visit: https://www.risk-officer.com/Emerging_Risk.htm
Some insurance and reinsurance related risks:
Longevity risk. It is the risk that individuals live longer than expected. It creates challenges, not only for the individual who needs an income for a period longer than expected after retirement, but also for the government, defined benefit retirement funds and life insurers who face retirement-related liabilities that increase as a result of improved life expectancy.
Longevity is the result of a complex interaction of various factors such as increased prosperity, healthier lifestyle, better education and progress in disease diagnostics and medical treatment, to mention a few.
Mortality risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from changes in the level, trend, or volatility of mortality rates, where an increase in the mortality rate leads to an increase in the value of insurance liabilities.
Disability – Morbidity risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from changes in the level, trend or volatility of disability, sickness and morbidity rates.
Life-expense risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from changes in the level, trend, or volatility of the expenses incurred in servicing insurance or reinsurance contracts.
Revision risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from fluctuations in the level, trend, or volatility of the revision rates applied to annuities, due to changes in the legal environment or in the state of health of the person insured.
Lapse risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from changes in the level or volatility of the rates of policy lapses, terminations, renewals and surrenders.
Life-catastrophe risk is the risk of loss, or of adverse change in the value of insurance liabilities, resulting from the significant uncertainty of pricing and provisioning assumptions related to extreme or irregular events.
Interest rate risk is the risk of the sensitivity to changes of the values of assets, liabilities and financial instruments in the term structure of interest rates, or in the volatility of interest rates.
Equity risk is the risk of the sensitivity to changes of the values of assets, liabilities and financial instruments in the level or in the volatility of market prices of equities.
Property risk is the risk of the sensitivity to changes of the values of assets, liabilities and financial instruments in the level or in the volatility of market prices of real estate.
Spread risk is the risk of the sensitivity to changes of the values of assets, liabilities and financial instruments in the level or in the volatility of credit spreads over the risk-free interest rate term structure.
Currency risk is the risk of the sensitivity to changes of the values of assets, liabilities and financial instruments in the level or in the volatility of currency exchange rates.
Market risk concentrations are additional risks to an insurance or reinsurance undertaking stemming either from lack of diversification in the asset portfolio or from large exposure to default risk by a single issuer of securities or a group of related issuers.
In the Reading Room (RR) of the association you can find our weekly newsletter - "Top risk and compliance management news stories and world events, that (for better or for worse) shaped the week's agenda, and what is next". Our Reading Room