Failure to Account for Known and Unknown Risks

One more reason for the failure of risk management is that some of the important risks get ignored. This can take two different forms.

Known risks are ignored: In this case the risk manager ignores a known risk. This could be because the manager thinks that it’s not a material (important) risk. It could also be because the risk could not be incorporated in the risk model.

If a firm has a truly enterprise-wide risk management systems, then it will be able to capture all the risks. However, that is often not the case. For example, the firm may have centralized risk management systems, but many risks are managed independently and then integrated into the centralized system. Sometimes due to costs or other reasons, some risks may not get fully reported which might turn bigger with the passage of time.

In most organizations, due to regulations and convention, risk is typically separated into market risk, credit risk, and operational risk. This categorization is quite fictional and there are actually a lot of dependencies among these risks. Due to this reason, all the risks caused by a particular action may not get caputured. For example, a financial instrument may not just increase a firm’s market risk, but may also contribute to its credit risk which might get ignored. Similarly, Basel II has a very narrow definition of operational risk. However, normal business, not covered by Basel II’s definition of operational risk may actually be very important.

Risk was Unknown: This is the case where the risk was totally unknown to the risk manager. The unknown risks do not cause too much threat to the risk management decisions. As long as the manager understands his distribution, he does not have to worry about the specific risk causing the losses. For example, if as per his distribution assumptions, there is a 1% chance of a loss of more than 50%, then if an actual loss occurs because of a specific risk, the manager’s lack of knowledge of this unknown risk is irrelevant.

This article is based on the paper “Risk Management Failures: What are They and When Do They Happen?” by Rene M. Slutz, which is a part of the FRM syllabus.