As noted in Chapter 1, the history of risk management has come to be associated with ever greater technical and calculative mastery of regularities in the natural world and human aVairs. The emergence of probability theory, and the rise of institutions for gathering population statistics formed the bedrock of the actuarial sciences and the foundations of life insurance (Alborn, 1996; Ericson and Doyle, 2004: chapter 2). In the 1960s, risk analysis came to be understood as a discipline in its own right and during the 1980s and 1990s the emergence of Wnancial economics, coupled to developments in Standardizing Risk Management / 69
information technology, intensiWed the management of Wnancial risk (Hacking, 2003; Whitley, 1986; Rosen, 2003a). Risk was to be studied, analysed, and calculated as volatility in Wnancial returns based on the mathematics of mean-variance analysis.
While it is well known in both theory and practice that risk calculation depends at critical junctures on human judgement, a technical ideal of risk understood as a product of the likelihood and impact of an event has been at the centre of the risk management collective imagination, deWning a broad community of specialists united in the belief that managing risk demands measurement. For this community ERM signiWes nothing less than a programme to develop a ‘whole of enterprise’ risk metric. Pressures for such a whole of business view became evident in the Weld of insurance when assumptions of risk transfer came to be challenged by large companies.
Critical of their existing, fragmented insurance strategies, and with an advanced grasp of their own loss experiences, some organizations preferred to retain and self-manage many risks which they might previously have transferred. Insurance organizations responded by developing risk manage-ment consultancy and advisory practices which, in the name of reducing client risk and premiums, increasingly focused on governance and risk control.3 Companies like BP Amoco in the 1990s calculated that premiums could be reduced by consolidating hitherto separate insurance lines.4 In this way ERM, as a demand for the identiWcation of all collective risks that aVect company value as a whole, could take into account the diversiWcation beneWts of viewing risks together which were traditionally managed and insured as separately deWned ‘lines’. ERM was managerially constructed in terms of improved recognition of ‘natural hedges’ and ‘unanticipated correlations’ across Wnancial risk categories within organizations (Rouyer, 2002). As a consequence, new multi-risk policies developed and led to a calculable beneWt in the form of reduced premium costs (Meulbroek, 2002b: 58), something which gave economic substance to the logic of oppor-tunity inherent in ERM. More generally, the conception of an enterprise as a portfolio of asset classes with corresponding risks is central to the idea of ERM as risk calculation and blurs the practical distinction between Wnancing and insuring.
The Wnancial risk management function has a recent history rooted in speciWc organizational experiences which were externalized and projected as a Weld of technical expertise (Field, 2002a). For example, material losses on 70 / Organized Uncertainty
mortgage-backed securities suVered at Merrill Lynch in March 1987 resulted in the creation of one of the Wrst dedicated risk management units in a Wnancial organization, albeit defensively oriented to prevent future events of a similar kind. In 1987, very few organizations had an explicit and formal risk management strategy; the role lacked credibility and a collectivized organ-izational memory or dramatology of risk events did not yet exist. In this early period the risk management function was more or less that of transaction clearance with right of veto, and there were no immediate pressures to institutionalize a new trans-organizational function. Indeed, over time the new unit created at Merrill lost power and existing techniques of risk analysis were relatively slow to Wnd an operational basis in Wrms (Wood, 2002b).
The analysis of Wnancial risk changed fundamentally in the 1990s for a number of reasons, not least perceptions about the potential for technology to support the applications of Wnance theory, challenges to regulatory conservatism for calculating capital, and pressures for a new performance culture for Wnancial institutions as part of a popular reform discourse.
Accordingly to Doherty (2000: 9–10), the fundamental theory of Wnance, in which returns on assets are always relative to risk, had made risk management a conceptually thinkable part of the corporate value creation process since the 1960s. However, though thinkable, that model had to wait until the early 1990s for an institutional climate of Wnancialization which was receptive to the general extension of advanced Wnance theory to organiza-tional practice, such as the modeling of ‘real options’ for strategic purposes (Rosen, 2003a; Ciborra, 2006; Shiller, 2003: chapter 5).5
An important event was the publication by J. P. Morgan in 1993 of its RiskMetrics technology for calculating capital at risk—the Wrst attempt at the
‘standardization’ of ‘value-at-risk’ (Kavanagh, 2003; Scaillet, 2003). This came at a time when banking regulators were discussing the potential to recognize
‘in-house’ risk models as a basis for assessing adequacy of capital for banks and other Wnancial institutions. The traditional approach to regulating the capital adequacy of Wnancial institutions by the hierarchical prescription of detailed rules, rules which in any case provided opportunities for creative arbitrage, was also being criticized for being anti-competitive and arbitrary (Mengle, 2003b). RiskMetrics was a treatise on the application of ‘value at risk’
techniques and an attempt to create an industry standard by a powerful organization.
Standardizing Risk Management / 71
Like most techniques of risk analysis, VaR is a hybrid, has many diVerent deWnitions and can be operationalized in a variety of ways—leading to diYculties in interpreting public disclosures (Wood et al., 2004). The general aspiration is to provide a measure of the potential trading Wnancial loss to a portfolio of assets arising from adverse market movements (Wilson, 1995).
VaR calculation seeks to show value ‘at risk’ in terms of a distribution of expected portfolio returns and expected losses over a holding period subject to a conWdence level. The idea of VaR has become increasingly recognized as legitimate for regulatory purposes as a form of decentralized risk assessment.
According to Jorion (2001a; 2001b), VaR is a simple integrating technology for risk management. Beyond its immediate application to market risk, it also has generic potential to provide a common Wnancial measurement frame-work for the ‘economic capital’ of a Wrm, understood both as capital at risk and as a buVer for unexpected shocks. As a quantiWcation of enterprise risk exposure over a period of time subject to a conWdence level, it is argued that the results of VaR modelling are relatively easily understood and visualizable for senior management in Wnancial institutions. Numerous applied textbooks have been published on VaR, texts which represent eVorts to standardize applied thinking in the area.
While some of the motivation for VaR as a standard for risk management was to counter regulatory conservatism, it had more to do with improving divisional control in Wnancial organizations and charging activities and trans-actions with a required return hurdle for risk. The case of Chase Manhattan (now J. P. Morgan Chase) Corporation in 1998 is an instructive example of this motivation. The bank became concerned that its assets were growing too fast and that its sales force was not making an appropriate trade-oV between risk and reward in developing new business.6 In particular, traders were not relating their new business to the risk capital required to support it. Conse-quently, the bank decided to introduce the practice of ‘Shareholder value-added’ (SVA), a technique by which the proWt of any business unit within the bank would be charged for capital, a variant of residual income methods for divisional control purposes. Thus, the ‘free’ cash Xow that supports share-holder value was reconceptualized as ‘free’ only after charging units for the portion of risk capital they required the business as a whole to keep in reserve.
The capital base on which such charges were computed was an allocated portion of the Wrm level risk, and this was calculated by two principal methods: value at risk (VaR) and related stress testing for diVerent classes of 72 / Organized Uncertainty
asset exposure (Bhasali, 2003). Thus, the organizational and institutional signiWcance of VaR analysis extends beyond the calculation of capital at risk at the level of a portfolio of assets. VaR has origins in organizational demands for transaction control. The principles are simple: proWt of a unit is calculated after a charge for capital at risk (Jorion, 2001b: 96) and this is commonly known as a risk adjusted return on capital (RAROC). The method presup-poses and requires the quantiWcation of capital at risk (e.g., using value at risk methodologies), which in turn allows the performance of diVerent units/
traders to be compared in terms of a ratio of net return to risk capital.
A wave of conferences and concept papers on RAROC in the early 1990s led to demands for a more ‘rigorous’ RAROC practice which ‘feeds oV a bank’s underlying risk models and data’.7 At the level of implementation, matters were complex: ‘if line managers can’t understand the approa-ch . . . RAROC can’t gain acceptance across a bank’ (Jameson, 2001a). Man-agers must become ‘comfortable’ with capital allocations based on RAROC and this is ‘partly a problem of bank politics and balance: making sure that senior managers support RAROC projects, that business lines are involved and that RAROC Wgures are neither rejected out of hand nor used uncrit-ically’ (Jameson, 2001a: 5). So, RAROC as an integrative risk measurement technology appears to have started life as part of a complex organizational politics, one potential tool among others in constraining decisions (Mikes, 2005): ‘ . . . while it is important to get the formula right, RAROC analyses are part of a longer term battle for the hearts and minds in an institution’
(Jameson, 2001a: 5). In reality getting traders in Wnancial Wrms to accept VaR based or other determinations of economic capital was, initially at least, a signiWcant behavioural constraint on their operationalization. Capital attribution to business units needs to be perceived as legitimate and an extensive practitioner literature suggests that these representations of capital at risk, even down to the level of individual transactions, can be highly adversarial within organizations. Consequently, normative commentaries continually emphasize the social support for measurement practices, namely the role of senior management buy-in, cultural commitment, and the need for champions of change (e.g., Cumming and Hirtle, 2001; Sullivan, 2001;
Nash et al., 2002). From this point of view, RAROC measures illustrate the general claim that risk analysis is not a self-suYcient practice of calculation.
The observation that rational calculation must be ‘sold’ to practitioners is not new. Studies of new accounting systems demonstrate the complex Standardizing Risk Management / 73
micro-politics of accounting change and the barriers to local institutionalization (Miller, 1994). The implementation of RAROC and economic capital systems based on VaR challenged existing practices and related power relations in bank-ing organizations, just as divisional performance measurement has done more generally (Mikes, 2005). From this point of view RAROC was, and is, more than a technical device for calculating a return. It is also a high-level idea for managerial control which has acquired legitimacy irrespective of its implementation frictions. RAROC principles have become part of ‘best practice’, codiWed and standardized in textbooks. In RAROC and the idea of
‘risk adjusted capital and returns’, the interests of regulators and of business can be linked. Through the idea of an integrative, calculative technology, regulatory objectives for system safety via a capital cushion could be imagined and aligned with managerial objectives for the eYcient allocation of resources and for performance appraisal. Both VaR and RAROC techniques in their most abstracted form have become calculative bearers of the enforced self-regulation ideal discussed in Chapter 2.8 Under the Basel 2 regulations banks have been permitted to use their own in-house models for determining a capital cushion for market risks since 1996. Although supervisors constrain the use of these in-house models, and apply arbitrary multipliers to capital levels, the changes in regula-tory philosophy have brought about increasing conceptual convergence between regulatory management of economic capital and internal business models.9
Changes in techniques co-construct organizational Welds and profes-sional identities (Robson et al., 2007) and the rise of the tools of VaR and RAROC have led to the creation of new agencies of calculation in organizations (Callon, 1998) and to a shift in the power and visibility of experts in organizations, armed with data and the authority to interpret.
Because of its basis in Wnancial mathematics, a new expert class of risk calculators in Wnancial organizations has been created (Mikes, 2006), whose hand has been strengthened by regulatory demands. Financial organiza-tions import much more than techniques; VaR and RAROC characterize a potential sub-culture in the form of teams of calculative experts and risk modelers with a distinctive technocratic conception of the risk manage-ment task. This calculative and analytical culture naturally extends its reach into new areas and new domains of model applicability—such as operational risk where a distinctive politics of calculation has come about (Chapter 4). Even though VaR techniques are heavily dependent on the 74 / Organized Uncertainty
availability of high frequency data sets and have developed most rapidly in the domain of ‘market risk’, their successful establishment as a body of abstract knowledge motivates their extension to other areas in an attempt to develop measures of ‘true economic risk’ for an enterprise. From this point of view VaR and RAROC are categories of practice which have made the relationship between shareholder value and risk management newly thinkable and actionable during the 1990s, providing a clear application of the logic and language of risk-return and a value or opportunity-based grammar for risk management in general.
The operational meaning of ERM for many risk specialists in Wnancial institutions is paradigmatically identiWed with risk capital metrics based on a version of VaR modelling. VaR is more than a technique; it represents the Wnancialization of governance. It is an idea which represents a risk-capital based concept of organizational control presided over by a new class of chief risk oYcers who talk up the organizational value of risk management. The calculative basis for VaR predates its increasing operational signiWcance in the 1990s for a variety of reasons. First, the interest in VaR was in part a rational response to volatility in Wnancial markets and the need to manage asset growth and trader behaviour more carefully in large Wnancial institu-tions by calculating risk-based returns. Second, it became institutionalized because of its appeal as a unifying, whole of entity approach aligned with the popular philosophy of shareholder value management. Third, it provided Wnancial organizations with a rational basis for contesting imposed regula-tory capital requirements, resulting eventually in the regularegula-tory recognition of in-house models for determining economic capital in the mid-1990s.
Fourth, VaR and RAROC signiWed an expansionary potential for abstract risk-metrics in new domains, an expansion made possible by the increasing liquidity of markets for a broader set of Wnancial instruments, thereby extending the boundaries for risk transfer and for the securitization of new assets, such as ‘weather bonds’ (Meulbroek, 2001; Porter, 2003). Yet, just as trends for Wnancialization placed no limit in principle to the mechanics of securitization or to what can be made into an insurable risk, demands for the governance and oversight of these processes also grew. Risk metrics like VaR, though originally conceived as calculative governance, would need to be embedded in an organizational accountability framework.
Standardizing Risk Management / 75