CRO Outlook

Can Your ERM Framework Accommodate Risk Entanglement?

It is imperative for risk managers to better understand how individual risks interact with each other. But why should they shift away from risk specialization, and what are the benefits of a more interconnected approach?

Friday, June 17, 2022

By Clifford Rossi


Risk managers spend considerable time honing their skills in measuring and managing individual risks. Lamentably, far less attention has been given to understanding not only the interactions between individual risks but also the other internal and external forces that affect their levels and their trajectory.

Much like quantum entanglement theory helps explain the manner in which particles interact, risk entanglement takes into account important risk intersections and provides a basis for evaluating how to enhance your risk management process beyond individual risk assessment. It is one of the key components of a concept I introduced last month: a unified theory of risk management.

What, exactly, does risk entanglement entail? Why is it important to shed light on what happens when diverse types of risk collide, and can a more interactive approach yield improved controls and more sophisticated risk assessment?

From Risk Singularity to Risk Entanglement

Risk taxonomies catalog a diverse array of risks at the enterprise level. However, few, if any, actually recognize (let alone directly describe) how these risks relate to one another.

Reflecting this segmented risk approach, risk departments tend to be set up along specialty areas of focus. Some of these naturally follow business unit or geographical lines, or even risk types – e.g., credit versus operational risk.

Risk specialization is a sensible approach for many reasons, such as alignment of policy, measurement and management strategies. But it artificially constrains risk functions from looking beyond their primary risk focus and thinking about the potential for risks to collide with each other and the implications that has for risk management.

I’m reminded of an experience I had long ago at a firm where I led the credit risk policy area for a consumer-oriented lending institution. My entire focus was on managing the credit risk exposure of the company’s large loan portfolio.

One day, I received a call from my counterpart in capital markets who expressed concern that the relatively tight credit policy we had put in place was wreaking havoc with securities being issued by the firm – securities that were collateralized with loans in our portfolio.

It turns out that those restrictive credit policies, while generating a strong credit profile, were amplifying prepayment risk, which was causing our security values to be discounted relative to our competition. We eventually met in the middle and devised a strategy that would effectively optimize both credit and prepayment risk – and that would, in the end, enhance shareholder value.

Understanding where risks become entangled is an essential ingredient to elevating the sophistication of a risk organization’s assessment process.

The Importance of Developing Linkages

One of the lessons learned from the global financial crisis (GFC) was that many companies originating nonprime mortgages at that time were leveraging extremely deficient loan manufacturing processes. Operational losses were high, as defects in credit underwriting and collateral valuation led to large repurchases of loans and elevated levels of fraud.

During this period, operational risk was amplified by the confluence of several factors: underinvestment in operational risk infrastructure; an acceleration in the rate of mortgage production; an increase in credit risk; and a benign economic environment that masked the buildup of risk overall. Quite simply, the internal plumbing was unable to handle the pressure, and the pipes eventually burst.

What was needed at the time was a more interconnected model. Building an integrated model that can represent the aforementioned types of relationships can shed considerable light on the way risks affect each other. Moreover, it can offer insights on how to build additional processes and controls into a risk management framework to account for these nonlinear outcomes.

In the case of, say, operational and credit risk, a linked approach would describe how operational loss rates can be affected by production volume and growth, credit risk, economic conditions, and investment in risk infrastructure.

Let’s now take a closer look at how an integrated model for credit/operational risk should work. This example is based on a specific asset growth rate function, and also relates operational loss rates to credit risk and investment in the operational risk infrastructure. In addition, the model is parameterized for different economic conditions (e.g., favorable, normal, and recession), as well as high, medium, and low credit risk scenarios. The results of such an analysis are shown below in Figures 1a and 1b.

Figures 1a and 1b: The Impact of Credit, Risk Infrastructure Investment and Asset Growth on Op Risk


The purpose of this analysis is to assess how investment in operational risk infrastructure can affect operational loss rates under a variety of different economic and credit risk conditions. Operational loss rates produced in this example are normalized by the average operational loss rate generated under the normal economic and medium credit risk scenario.

The takeaways from this analysis are as follows:

  1. Companies that do not invest in operational risk infrastructure realize much higher relative operational loss rates than those that do, regardless of credit or economic environment.
  2. Credit risk affects operational risk and amplifies that risk for companies that do not invest in operational risk infrastructure.
  3. High asset growth environments further increase operational risk, but this can be tempered by investment in operational risk infrastructure.
  4. Benign economic conditions reduce the incentives for investing in operational risk infrastructure by masking their contributions to mitigating operational loss over the long run.

Parting Thoughts

Risk taxonomies and risk assessments generally underestimate relationships that exist between risks. Evidence of this was borne out of the GFC, and this lack of connectivity remains one of the most challenging areas of risk management to flesh out.

Developing the linkages between risks – specifically, where processes, controls and policies in one risk area could affect another – could help mitigate risk overall across the organization. This requires strengthening the risk profile process to better describe these linkages in an integrated way across risks, particularly when assessing intrinsic risks, controls and residual risks.

Likewise, risk taxonomies should be enhanced to illustrate important interactions between risks. This will not only shine a spotlight on risk entanglement but also yield greater transparency.


Clifford Rossi (PhD) is a Professor-of-the-Practice and Executive-in-Residence at the Robert H. Smith School of Business, University of Maryland. Before joining academia, he spent 25-plus years in the financial sector, as both a C-level risk executive at several top financial institutions and a federal-banking regulator. He is the former managing director and CRO of Citigroup’s Consumer Lending Group.

