In this chapter, we study risks associated with movements of interest rates in financial markets. We begin with a brief discussion of the term structure of interest rates. We then discuss commonly used interest rate sensitive securities. This is followed by the study of different measures of sensitivity to interest rates, including duration and convexity. We consider mitigating interest rate risk through hedging and immunization. Finally, we take a more in-depth look at the drivers of interest rate term structure dynamics.

In this chapter, we present the frequency-severity model, which is implicit in common risk calculations used in practice. In this model, the total loss from a risk, or set of risks, is treated as a random sum of random, identically distributed individual losses. If the frequency and severity random variables are independent, then the mean and variance of the aggregate loss can easily be calculated from the moments of the frequency and severity distributions. However, numerical methods are usually required for other metrics, such as quantiles or expected shortfall. We show how to implement these methods and discuss the limitations of this type of model, arising from the independence assumptions.

In this chapter, we consider qualitative and quantitative aspects of risk related to the development, implementation, and uses of quantitative models in enterprise risk management (ERM). First, we discuss the different ways that model risk arises, including defective models, inappropriate applications, and inadequate or inappropriate interpretation of the results. We consider the lifecycle of a model – from development, through regular updating and revision, to the decommissioning stage. We review quantitative approaches to measuring model and parameter uncertainty, based on a Bayesian framework. Finally, we discuss some aspects of model governance, and some potential methods for mitigating model risk.

In this chapter, we review the different methods available to a firm that wants to transfer risk. First, we consider the traditional route of insurance, or reinsurance. We describe the different types of insurance contracts, and analyse their advantages and disadvantages. We then consider captive insurance companies, which are insurance companies that are owned by the organization that is transferring risk. Next, we discuss securitization of risk, where risk is packaged into investments that are sold off in the capital markets. One of the most interesting examples of securitized insurance risk is the catastrophe bond, or cat bond. We also look at examples of securitization of demographic risk, through pandemic bonds and longevity derivatives.

A taxonomy is a classification system. In this chapter, we present a risk taxonomy, by which we mean that we shall categorize and describe all the major risks that may be faced by a firm or institution. We will describe risks that arise from outside the organization (external risks) and those that come from within the organization (internal risks). External risks are further categorized into economic, political, and environmental categories, while internal risks include operational and strategic risks. Reputational risk may be internally or externally generated. We describe some examples of how risks have arisen in several high-profile cases, showing the intersectionality of the different risk categories – that is, how the different risk types can all be driven by a single risk event.

In this chapter, we discuss the ways that credit risk arises, and how it can be modelled and mitigated. First, we consider the various types of contractual forms for loans and other obligations. We then discuss credit derivatives, which are contracts with payoffs that are contingent on credit events. We consider credit risk models based on the three fundamental components: probability of default, proportionate loss given default, and exposure at default. We consider models of default for individual firms, including the role of credit rating agencies, structural models, which are based on the underlying processes causing default, and reduced form models which are more based on the empirical information, with less emphasis on the underlying story. This is followed by a description of portfolio credit risk models, where the joint credit risk of multiple entities is the modelling objective.

In this chapter, we discuss some of the common psychological or behavioural factors that influence risk analysis and risk management. We give examples of cases where behavioural biases created a risk management failure, and some ways in which the negative impact of biases can be mitigated. Biases are categorized, loosely, as relating to (i) self-deception, (ii) information processing (both forms of cognitive bias), and (iii) social bias, relating to the pressures created by social norms and expectations. We give examples of a range of common behavioural biases in risk management, and we briefly describe some strategies for overcoming the distortions created by behavioural factors in decision-making. Next, we present the foundational concepts of Cumulative Prospect Theory, which provides a mathematical framework for decision making that reflects some universal cognitive biases.

In this chapter, we review some of the risk management implications of the regulation of banks and insurance companies. Banks are largely regulated through local implementation of the Basel II and Basel III Accords. Insurance regulation is more varied, but the development of the Solvency II framework in the European Union has influenced regulation more widely, and so we focus on Solvency II as an example of a modern insurance regulatory system.

In this chapter, we distinguish funding liquidity from market liquidity, and idiosyncratic liquidity from systemic liquidity. We discuss the nature of highly liquid assets, and methods by which a firm might acquire liquid assets to cover short-term cash flow problems, either in normal operations, or in more extreme crises. As liquidity risk is a problem of cash flow management, we explain how cash flow scenario tests can be used to identify and mitigate risks. We describe liquidity adjusted risk measures used in banking. Finally, we describe how firms might create emergency plans for managing extreme and unexpected liquidity shocks.

In this chapter, we describe some numerical methods used for calculating VaR and Expected Shortfall for losses related to investment portfolios, measured over short time horizons – typically 10 days or less. These are techniques commonly used for regulatory capital calculations under Basel III. We start with simple portfolios investments, and then add derivatives. We review the covariance approach, the delta-normal approach, and the delta-gamma-normal approach to portfolio risk measures. Each of these approaches ultimately uses a normal approximation to the distribution of the portfolio value. We also consider the use of historical simulation, based on the empirical distribution of asset prices over the recent past. Finally, we discuss backtesting the risk measure distributions. Backtesting is required under the Basel regulations.

Risk measures are used to give a numerical value, measuring risk, to a random variable representing losses. In this chapter, we introduce several risk measures, including the two most commonly used in risk management: Value at Risk (VaR) and Expected Shortfall. The risk measures are tested for ‘coherence’ based on a list of properties that have been proposed as desirable for risk measures used in internal and regulatory risk assessment. We consider computational issues – including estimating risk measures – and standard errors from Monte Carlo simulation.

“In this chapter, we consider how individual, univariate distributions can be combined to create multivariate, joint distributions, using copula functions. This can be very valuable when a firm is looking at aggregating dependent risks from different business units. We present Sklar’s seminal theorem, which states that for continuous distributions, every joint distribution can be expressed with a unique copula, and every copula defines a valid joint distribution.

We present some important copulas, both explicit and implicit, and discuss their features. We show how measures of rank dependency can be more informative than traditional correlation. In keeping with our interest in tail behaviour of loss distributions, we consider how different copulas exhibit different dependency in the tails of the marginal distributions.

Finally, we discuss construction and estimation of copulas.”

In this chapter, we discuss stress and scenario tests and testing frameworks. We begin with an introduction to stress testing and a discussion of where stress and scenario testing is most useful, as well as noting some limitations. This is followed by a study of methods for designing and generating stress scenarios. We then discuss regulator stress tests, and illustrate using examples of past failures and successes of real-world stress tests.

In this appendix, we review the major concepts, notation, and results from probability and statistics that are used in this book. We start with univariate random variables, their distributions, moments, and quantiles. We consider dependent random variables through conditional probabilities and joint density and distribution functions. We review some of the distributions that are most important in the text, including the normal, lognormal, Pareto, uniform, binomial, and Poisson distributions. We outline the maximum likelihood (ML) estimation process, and summarize key properties of ML estimators. We review Bayesian statistics, including the prior, posterior, and predictive distributions. We discuss Monte Carlo simulation, with a particular focus on estimation and uncertainty.

In this chapter, we present an overview of enterprise risk management (ERM). We begin by discussing the concepts of risk and uncertainty. We then review some of the more important historical developments in different areas of risk management, propose a definition for ERM, and show how ERM has its origins in all of the individual areas of risk management that came before. We discuss how ERM can be implemented as an ongoing process, which is optimally built into the operations of an organization from the top down, through a risk governance framework. Stages of the ERM cycle include risk identification and analysis, risk evaluation, and risk treatment. Each of these stages is introduced in this chapter, and then developed in more detail in subsequent chapters.