# Deserts of vast eternity

## INDUSTRY COMMENT

Macmillan's words came back to me a number of times over the past few weeks, as I listened to conference presentations and, courtesy of this august organ, read some academic papers on op risk. Again and again, I heard and read about the measurement of events and I kept asking myself, 'Whatever happened to the chain of cause-event-effect?'. Instead of researching that, we'll measure events, because that's a given and is what we've been told to do, whether or not the result is even half accurate, or the firm or the system becomes a safer or more certain place.

The imperfections of loss event data are too well-rehearsed to need another outing here. It was interesting, though, that even those academics confidently searching for a more precise measurement methodology highlighted the non-stationarity of loss events, the fact that banks tend to do something to prevent large events hitting them again, so that past history is but a remote guide to future exposure. Which rather blows the whole exercise significantly off course.

In the margins of one conference, I was talking to two eminent AMA operational risk heads. One told me that if people really wanted him to model to 99 point whatever, they should build in a tolerance of over 100%. At 95% he reckoned the tolerance came down to around 40%, and one of the academic papers I read mentioned a tolerance of 20% around the 90% quantile. Perhaps a pattern is emerging. The other told me he will come up with a figure to whatever percentile is required of him. "Do I believe it as a measure of my exposure?" he asked. "Of course not." But he'll produce the figure. Because that's what the regulators want (including the dreaded and irrelevant 56-cell matrix), and if we do it that way, they'll be happy. And if they're happy, our chief executive officers will be happy.

Loss event data may seem to be the only relatively hard facts we have to go on. Yet we know that the losses are heterogeneous, if only because events of the same type can have different causes, and the route from event to effect is similarly fraught. And large and currently relevant losses will never be statistically meaningful. But still we worry loss data to death to find the answer we want to see. Last March, the GIRO working party of the Institute of Actuaries published a paper on quantifying operational risk in general insurance companies.1 Their conclusion, which deserves a wider audience, suggested that if we are to quantify operational risk, we shall probably have to look to causal modelling, rather than use existing actuarial methodologies on loss events.

So, with Othello, I am tempted to cry, "It is the cause, my soul". Of course, that doesn't make the job any easier. But causes - and effects - are what we manage, rather than events per se. So a method that focuses more closely on those, allies itself to risk management and should point us to where we are truly exposed. We learn much from events, especially if we know how they came about and analyse those causes. But at our backs the winged chariots of the regulators sweep us along towards deserts of vast eternity, where we shall try to stretch those events well beyond their true usefulness.

The Centre for the Study of Financial Innovation recently published its annual 'Banana Skins' survey for 2005. Top of the list was 'Too much regulation' (whether that is the greatest risk to the system rather than the greatest irritant, I leave to you). One respondent, Stanley Epstein of Israel's Citadel Advantage consultancy, said: "Many organisations are wrongly assuming that operational risk regulation will keep them safe." I share his concern. Is there a danger we are letting the regulators do our thinking for us, perhaps by counting and calibrating loss data, and not really thinking it all through?

Those of you who have been to see 'Peter Pan' will remember the tearful moment near the end when Tinkerbelle appeals to the audience, "Do you believe in fairies?" and we all shout back "Yes". And the adults smile benignly at the children around them. Deep down, of course, the adults also want to believe. Sadly, life and operational risk are more difficult than that. OpRisk

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

#### More on Risk management

##### Risk Awards 2023: The winners

BNP Paribas takes top derivatives prize, lifetime award for Stephen Kealhofer, Nomura wins rates

##### Markets Technology Awards 2023: This year’s model

Vendors are offering greater modelling flexibility. What if that’s not enough?

##### Op risk data: Wells Fargo walloped to the tune of $1.7bn Also: AML breaches at Danske and Santander; Russia’s Radiotechbank scammed. Data by ORX News ##### Court allows lawsuit against Credit Suisse to proceed Shareholder alleges board and senior execs breached fiduciary duties by failing to oversee risk ##### NSCC and OCC to enhance co-operation on large cash calls New deal would improve management of options expiries, but will stop short of cross-margining ##### Capitolis registers swap dealer in strategy refresh Vendor’s SBSD registration may facilitate unique multi-seller platform for equity swap business ##### LME model quirk saved members$915m nickel margin

Report on March 2022 blow-up says CCP may need to “intervene” on deduction of VM gains from IM

##### Financial firms rethink after cyber insurance premium spike

Brokers say there are signs pressure is easing, but quantum hacking threat could transform market