When a major risk event unfolds, whether it’s, say, the GFC or COVID-19 or Russia’s invasion of Ukraine, a degree of risk management introspection naturally follows. Financial institutions must perform robust assessments of such volatile and unpredictable risks, but there are now legitimate questions about whether traditional financial risk tools – like stress testing and scenario analysis – are a fit for this task.
It is quite different, after all, to assess, say, the short-range and long-range risks of a global pandemic than it is to measure internal capital vs. risk (the essence of annual stress tests) or to estimate expected credit losses.
Clifford Rossi
The unexpectedness of recent risk events is what really separates them from the pack. Few were ready for the COVID-19 pandemic, an event unlike anything seen on the world stage in the last 100 years. Likewise, the war now raging in Ukraine has shocked much of the world, especially considering its seeming incongruity with the violence-mitigating diplomacy (see, e.g., The Potsdam Agreement) that has been in place since just after World War II.
Speaking of globally-impactful risks that are hard to pin down, climate change has also forced regulators and financial institutions to scramble to put in place an infrastructure to bench-test firms’ climate-related risk exposures.
Out With the Old?
One concern is that the traditional methods used to assess financial risk events may simply not be up to the task to reasonably measure other threats that have both a high degree of complexity and uncertainty in outcomes. So, in a highly kinetic and uncertain environment, is it time we made greater use of noncooperative game-theoretic and risk-simulation techniques – perhaps in combination with our conventional risk models?
Since the GFC, annual financial stress tests have become the norm for all large banks. These types of single-scenario outcomes work well for defined events like an economic crisis, where data and the time horizon are well-established. But the deterministic scenario analysis that financial institutions have previously applied to financial risk events may not be appropriate for irregular risk events that are unpredictable and, often, extremely severe.
For example, applying a severe assumption on gas prices over some time horizon as a result of the Ukrainian invasion might provide insight into the stress on markets or on a specific energy portfolio – but that type of scenario analysis would also likely miss the impact of how Russia may react in other ways (e.g., cyberattacks) that would destabilize markets further.
In short, just because a risk tool has worked for certain events in the past doesn’t mean it should be applied in the future. Standard stress testing practices, for example, are of limited use for unconventional risk events (like a pandemic), because of their complexity, dynamics and unpredictable nature.
Scenario Analysis Flaws, and the Game Theory Alternative
The current Ukrainian crisis provides a case in point of the limitations of our scenario analysis craft.
At the end of 2021, if you had asked CROs about what sort of geopolitical risk scenarios they had in place for a Russian invasion of Ukraine, it’s likely that most would have responded that they had none. Yet, within weeks, the Ukraine-Russia crisis devolved into a complex array of multiple knock-on risks that include destabilization of financial markets, further exacerbation of inflation, and potential derailment of global economic recovery from the pandemic.
Complicating matters further, the possibility of a damaging and dangerous cyber war (e.g, between the U.S. and Russia or Russia and the rest of the world) exists in ways not thought possible even a short time ago. What’s more, we must consider the prospect of significant assets becoming stranded - just think about, for example, Citigroup’s $10 billion in exposure from its Russian consumer bank.
Despite the complexity and uncertainty of these risks, there are modern tools that are equipped to assess them. To better understand geopolitical and cyber risk, for example, financial institutions may turn to game theory – a theoretical framework that analyzes the way individuals, organizations and/or countries cooperate or compete with each other.
For years, in the U.S., game theory has been a mainstay in assessing national security risk, providing a framework for understanding outcomes – as well as for comprehending the behaviors and strategic responses of actors involved in each risk event. In light of the dynamic nature of such events, a repetitive games approach – whereby an actor makes strategic choices based on previous or historical outcomes over multiple scenarios from other actors – is essential.
These types of risk analyses, however, should not be one-dimensional. For instance, deterministic, single-path climate scenarios are not likely to yield meaningful insight into how to manage a company’s exposure to climate change, because of the wide uncertainty of outcomes driven by hundreds of parameters relating to climatological, financial and even behavioral factors.
Financial institutions may instead choose to employ some combination of game-theory and simulation-based assessments, which have the potential to explore a range of outcomes in a dynamic, repeatable framework across a multitude of risk touchpoints. This is the next frontier of scenario analysis.
Parting Thoughts
To understand the nature of risk is to be able to not just identify it but to measure its likelihood and severity, reasonably. That’s a fundamental tenet of risk management. But in volatile markets filled with uncertainty, this has become incredibly difficult.
Indeed, from a multi-year, global pandemic to a raging war in Europe, previously inconceivable risks have recently become reality. Deploying standard financial scenario analysis to these complicated and multi-dimensional risks is insufficient. To do so puts risk managers in an unenviable position of grappling with unpredictable risk events, without confidence in the range of risk outcomes that might play out.
Multiple threats from further geopolitical tensions in other theatres, and the potential for future pandemics, should prompt risk managers to develop sophisticated risk analyses that have the ability to more effectively evaluate risks, behavior and outcomes. Game-theory and simulation-based approaches can help them meet this objective.
Clifford Rossi (PhD) is a Professor-of-the-Practice and Executive-in-Residence at the Robert H. Smith School of Business, University of Maryland. Before joining academia, he spent 25-plus years in the financial sector, as both a C-level risk executive at several top financial institutions and a federal-banking regulator. He is the former managing director and CRO of Citigroup’s Consumer Lending Group.