Thinking About Risk

thinking about exposures

By: Robert Wagner

April 22, 2017

As one of the initial steps of thinking about risks, I believe it is important to think about exposures.  When I begin to evaluate a particular risk management challenge, this is where I tend to begin.  In a risk management context exposures are the base building blocks into which we can break down a larger subject.  Exposures are mostly factual and descriptive, while risk estimates are almost by definition predictive and often subjective in nature.  The former is about studying what things are while the latter is about studying what may happen to those things under various conditions.  Risk can be thought of as the potential fluctuation and inter-relationships between the level of various exposures.

The dictionary definition of the word 'exposure' shows multiple meanings... the closest ones to my usage of the word seem to be: "A situation or condition that makes someone likely to be harmed especially because the person has not been protected from something dangerous" (1) and "The state of having no protection from something harmful or the action of placing oneself at risk of financial loss" (2).  I would perhaps tweak the definition a bit toward: an exposure can be almost anything (an asset or liability, a contract or a promise to do something, etc.) which provides the potential for a gain or loss as a result of changing conditions.  Gains or losses may be financial or non-financial in nature (for example a loss may be physical damage to something).

This all may sound extremely simplistic and obvious.  In my opinion, however, some of the largest failures tend to happen when too much focus is paid to quantitative risk models, which end up lacking in some key regard and as a result significantly under-estimate risk.  When the true extent of risk is eventually discovered, suddenly attention shifts to the underlying exposure, and everyone is horrified to realize how big it is (i.e. we thought we had non-material risk to subprime mortgages, maybe 1% of our equity, but now we find out we own a $50 billion pile of these things?!).

To illuminate this concept further, consider a simple example, a small bank with a book made up of three types of assets: operating loans to local businesses, residential mortgages, and personal credit lines.  The exposures could be defined as its overall loan book, or by its components across the three categories.  It would be relatively simple to establish the nominal or 'notional' exposure values as the total dollars lent to each if the three sectors.  Any number of variables may change in the environment potentially leading to fluctuations in the value of these assets, and a potential gain or loss for the bank.

Only in extreme examples would the risk of the bank equal its overall exposure... it would take a 100% reduction in value (in this case defaults across the board with zero recovery) for risk/loss to equal exposure.  In individual cases of course (think of any one individual loan) the chances are much higher this may happen.  However, as diversification grows within categories and across the three categories, definitions of risk get more and more complex and further and further removed from the concept of notional exposures.  While we may say that the worst that can happen is every loan going into default, in most cases that type of risk assessment will not be very helpful.

If we assume the bank in this example was financed with 9 dollars of debt for every dollar of equity, then a 10% reduction in the value of its assets would render the bank insolvent.  The higher the leverage the more precise the bank would like to be in estimating its risk, and a smaller decline it would take in the value of its exposures before serious problems would emerge.

As more and more focus and effort would be expended on more precise estimates of risk, my guess is that over time less and less time and effort would be spent on studying the underlying exposures.  The book may get too complex to regularly review in detail, and overall risk metrics such as value-at-risk would look very appealing as a neat short-cut to summarize it all in one number.  Going back to my notes on 'the frog' and 'the camel', it is under these circumstances that large exposures sometimes quietly build up under the cover of mistaken risk estimates.

Nearly all organizations involve a unique set of exposures and related risks in their activities.  Banks are obvious examples and so are insurance companies.  They build books of business around certain categories of exposures and manage risk accordingly.  The asset base of a large hotel company may cover many countries and climates, representing exposures that are subject to risks of various types of natural disasters, political and economic risks.  I think of valuable brands as another key exposure for many organizations subject to reputational risks, and competitive factors.

Exposures are usually easier to establish when compared to the development of complex risk estimates.  One of the most effective ways is to ask questions about risk estimates in a way that helps in understanding what level of detail about exposures was captured and what details were netted out or assumed away.  A discussion of risks should be as much a discussion about exposures if not more, than simply a review of statistical risk estimates.

I suspect in addition to finance, investments and trading, thinking about exposures could also be very helpful in industries such as health care, logistics, agriculture and even military strategies. As one moves away from relatively easy to define assets and liabilities toward more complex and harder to identify exposures (think about defining exposures to a viral breakout within a hospital) it requires more thinking and subjective input.

As a final thought on exposures, consider this simple rule of thumb.  Always find the largest number on the page and ask what it is.  It is the most obvious question, seemingly, but the obvious questions sometimes are not asked.  Find out more about the largest number. Sometimes small things mushroom into big problems, but more often it is the big things hiding in plain sight that can take down organizations when risk is under-estimated.  Detailed understanding and scrutiny of the largest exposures is a good way to start when thinking about risks.




(1) - Cambridge Dictionary
(2) - Oxford Dictionary