Intelligent Risk - August 2023

Page 1

©2023 - All Rights Reserved Professional Risk Managers’ International Association August 2023
INTELLIGENT RISK knowledge for the PRMIA community




FIND US ON @prmia
Thanks to our sponsors, the exclusive content of Intelligent Risk is freely distributed worldwide. If you would like more information about sponsorship opportunities contact Intelligent Risk - August 2023 02
Steve Lindo Principal, SRL Advisory Services and Lecturer at Columbia University Carl Densem Risk Manager, Financial Markets, Rabobank SPECIAL THANKS 03 Editor introduction 13 The heartbeat of the organization in an era of resilience by Martin Gierczak 22 Research shows that culture really does eat strategy for breakfast - by Rachael Johnson 32 Riding out market disruption: an alternative to hedging with options - by Malcolm Gloyer 42 To get the most from cyber insurance, demand more from your information security team - by Nick Sanna 57 Beyond recovery: how regulators handle bank resolution and the case of Silicon Valley Bank - by Kaila Mayers 50 Managerial philosophy and its impact on risk culture by Michael Parker 46 Balance sheet risk management in stressful times: lessons from Silicon Valley Bank by Dr. K. Srinivasa Rao 05 Why banks fail and what to do about it by Dan diBartolomeo 17 ESG scoring and its viability for future investing by Nadia AlQassab 28 Banking system interconnectedness by Veni Arakelian & Andrea Calef 38 Managing data privacy risks in the current corporate environment - by John Kyriazoglou 61 Foreseeable and preventable – the autumn 2022 UK gilt markets turmoil - by Patrick Kelliher 53 Climate risk in Gulf Cooperation Council (GCC) countries – an enterprise risk management perspective by Aakash Ramchand Dil

editor introduction

In this edition of Intelligent Risk we feature a provocative capstone article by one of our regular contributors, Dan DiBartolomeo, on “Why Banks Fail and What to do about it.” This article sheds light on the fall of Silicon Valley Bank and other cases by demonstrating that blindly adhering to regulation can be a recipe for disaster when market conditions change. He proposes metrics and an integrated approach for considering these dual (and dueling) pressures and what the results mean for bank management. This stimulating read is not to be missed.

Closely related on the topic of bank resiliency are three more articles. The first is “Banking System Interconnectedness” by Veni Arakelian and Andrea Calef, in which the authors explore systemic risk and offer policy recommendations. In “Balance Sheet Risk Management in Stressful Times” Dr. K. Srinivasa Rao examines the ALM missteps of SVB. And, for when all else fails, in “Beyond Recovery: How Regulators Handle Bank Resolution and the Case of Silicon Valley Bank,” Kaila Mayers looks at tools for resolving failed banks.

Aside from this flurry of thoughts on banks, our contributors wrote on a variety of other current topics this quarter: from ESG to data privacy and cyber insurance. We hope you enjoy the breadth and thoughtfulness of their ideas as much as we, the editors and reviewers, did.

Thank you to Seneca Polytechnic’s Centre for Executive & Professional Learning for sponsoring this issue.

If you’re interested in sharing your thoughts in a future Intelligent Risk or providing feedback on something you read in this issue, we welcome your emails to or posts on PRMIA’s Intelligent Risk Community webpage

03 Intelligent Risk - August 2023

our sponsor

Seneca Polytechnic’s Centre for Executive & Professional Learning (CEPL) specializes in courses to prepare learners for the next stage of their leadership journey. Programming offered through CEPL includes executive certificates, microcredentials and professional development courses. Whether you’re looking for increased responsibility, moving into a more senior leadership position or career progression, our goal is to support you in reaching that goal. To respond to industry demand and sectoral changes, we have recently launched new offerings in AML governance, ESG, and operational resilience

04 Intelligent Risk - August 2023

In 2023, banks which managed their risks by simply adhering to regulatory requirements ignored warning signs of market stress and changing risks, resulting in failure. This article presents a quantitative metric, founded on established economic theory, that steers banks dynamically between the poles of market conditions and regulations.

why banks fail and what to do about it

The recent set of bank failures as well those experienced in the Global Financial Crisis of 2008-2009 share a simple common root. Banks managements see risk management as a binding constraint which is always costly. They therefore prefer to ignore risk, which they are not required by regulators to address. Since the collapse of the crypto exchange FTX last November, the banking sector both in the US and Europe has come under increased stress. The entire financial system has recently been shaken by the failure of several major banks (SVB, Credit Suisse, Signature, First Republic).

While the reasons vary as to why particular banks have come under fire, the predominant risk to the banking system, including depositors, insurance funds, and the shareholders of banks is the potential for “bank runs” where uninsured depositors all want concurrent withdrawals beyond the available liquidity of a specific bank. What is needed is a framework that aligns the interests of bank managements, shareholders, and regulators to reduce the chance of similar events in the future. Healthy banks that are profitable for shareholders don’t need rescues from regulators.

introduction outlining the approach

Just after the closure of SVB, I had an unrelated phone conversation with a friend who is one of the most famous equity portfolio managers in history. His comment on the collapse of Silicon Valley Bank was brief, “greed and stupidity ”.

Intelligent Risk - August 2023 05
1 / The author is a PRMIA regional director and president of Northfield Information Services, Inc. Almost all financial institutions mentioned herein are present or past clients of this firm. The author acknowledges the helpful comments of Professor Mark Williams of Boston University.

If you accept that view, the key to bank risk management is to put policies in place that compel bank senior managers to avoid such behavior. It should be noted that alarms have been raised for many years. A good example is the book Iceberg Risk by financial researcher Kent Osband. The book is a novel about people working in the risk management departments of large banks. Each chapter has a technical appendix explaining the analytical topics which arise in conversation among the characters. The novel illustrates how failures of judgement by senior managements are likely to have contributed to the Global Financial Crisis. This degree of accurate representation is remarkable given that the book was published in 2004, several years before the GFC unfolded.

To encourage sound and broadly beneficial decisions by management, our proposal is a dynamic risk management policy that contributes positively to the success of banks. This framework aligns the interests of banks shareholders and bank regulators in a new way and is demonstrably optimal for the long-term profitability of commercial banks. The proposed process relies on economic theory from Litzenberger and Rubinstein (1976), Wilcox (2000), Acerbi and Scandolo (2008) and diBartolomeo (2021).

is action needed?

Before we consider how to reduce the likelihood of bank failures, we should consider whether such incidents are sufficiently rare that no action need be taken. Just a few days after the collapse of SVB (March 10th, 2023) a working paper by Jiang, Matvos, Piskorski, and Seru (2023) was posted online. The study considers two key aspects of the current situation to describe the fragility of a particular bank: (1) uninsured deposits as a fraction of total assets of a bank and (2) the estimated unreported decline in capital reserves arising from the loss of market value of bank assets as a result of recent increases in interest rates. The study data came from quarterly FDIC “call reports” which are publicly available online.

SVB was in the 99th percentile (highest ratio) of uninsured deposits and in the 90th percentile in terms of capital status (i.e., 10% of banks were worse off). To the extent that more frequent evaluation might be useful, my firm’s internal models ranked SVB in the 96th percentile for most risk over the twelve months in a universe of two hundred twenty-nine large banks with US traded shares. SVB had also borrowed USD $20 Billion from the Federal Home Loan Bank months before the crisis, indicating that management was aware of possible liquidity problems.

The academic study concluded that across the US, up to 190 banks with USD $600 Billion in total uninsured deposits could be at risk of failure. The uninsured deposits estimated in the study would represent about USD $360 Billion adjusted for inflation in 2008 dollars. That figure compares to USD $750 Billion for the US allocated for “bailouts” in the GFC period. However, USD $182 Billion of the USD $750 Billion was allocated to AIG alone who not only repaid the Treasury in full, but the US Government made USD $26 Billion in eventual profits on the deal.

06 Intelligent Risk - August 2023

While USD $360 Billion is almost half of the USD $750 Billion allocated in 2008, there is a fundamental difference. A bank run is a liquidity event not a solvency event. The withdrawn cash isn’t gone from the system, most of it just moves to other banks or money market funds. Any loss of solvency arises from the impacted bank doing “fire sales” (high transaction costs) of assets to raise cash to meet withdrawals. This effect was illustrated by the deposit of USD $30 Billion into First Republic Bank by a consortium of larger banks led by JPMorgan (who later acquired FRC out of receivership). Among other nations, Japan has a long tradition of “convoy” rescues within banking.

The raw proportion of uninsured deposits among troubled banks is worth noting. The deposit base of SVB was 94% uninsured. Silvergate was at 95%, while Signature was at 90% and First Republic at 67%. Public data available from the FDIC suggests that the US average has been around 45% in recent years, so at least three of the troubled banks were double the average.

unrealized losses – a double-edged sword

An important facet of the failures of SVB and FRC was the lack of reporting of unrealized losses in their previous financial statements. US banks with less than USD $250 Billion in assets can generally choose not to “mark to market” certain assets in their financial statements, as most bank assets are loans with no secondary market. Among the asset types often treated under “statutory accounting” treatment are high quality bonds that a bank intends to hold to maturity

Since the value of a bond is fixed at maturity (in the absence of default), the market value fluctuations through time become irrelevant to an investor who is almost certain to hold the bond to maturity (e.g., a life insurance company). Statutory accounting allows financial institutions to report much steadier earnings because the “income” of fixed income securities is always positive. If you can ignore price fluctuations total returns are always positive. With rising interest rates, the market value of many fixed income assets (bonds, MBS, loans, fixed rate mortgages) declines so unreported losses arise and become relevant if and only if a current sale of these assets is required to meet withdrawals.

US regulation requires full “mark to market” for many financial institutions including large banks, investment banks, self-clearing brokerage firms, securities exchanges, and futures brokers. Some countries (e.g., Canada) require full mark to market even for some longtime horizon entities such as life insurance companies. There have also been cases of financial institutions that intentionally abused statutory accounting such as the situation of First Executive Life Insurance (1991) and the Massachusetts Bay Transit Authority Retirement System (2015). Proponents of statutory accounting argue that requiring “mark to market” for all financial assets would add operating costs and make earnings much more volatile for small institutions. It should also be considered that valuation of non-traded assets (e.g., most loans) is subjective at best as illustrated by the relatively vague wording of FASB 157.

07 Intelligent Risk - August 2023

the impact of headline risk on liquidity

We should also think of a bank run in the context of endogenous time. In essence, we argue that investors and depositors make decisions on the basis of relevant information (i.e., financial news) flowing to them. The faster the rate of information arrival, the greater the volatility the concerned financial contracts are likely to experience, as described in Mitra, Mitra, and diBartolomeo (2009). A bank run is a special case of this problem, as uninsured depositors can only lose in response to financial news coverage. No news is good news. Online banking has made uninsured depositor response to negative news effectively instantaneous.

The voluntary shut down of Silvergate Bank and the collapse of Signature Bank were closely tied to turmoil in digital assets after the failure of FTX. Both concentrated in transaction processing for crypto-related clients. Annual crypto-related investments ranged from 1% to 4% of all global venture capital deals in recent years. While not a huge percentage, it was still tens of billions of dollars and sufficient to focus the attention of venture capital organizations on financial stability of their banks. Silicon Valley Bank was extremely concentrated in activities related to venture capital, in addition to being among the top in the nation in uninsured deposits. The SVB failure prompted uninsured depositors and investors to look generally at the issue of banks with high degrees of vulnerability to a bank run. Several US west coast regional banks were perceived as vulnerable along with CS and FRC, although only Credit Suisse was likely to be of global importance. Further complicating the situation were personal connections between First Republic and SVB senior managements.

Updating risk assessments daily utilizing information from both equity option markets and the analysis of financial news illustrates an interesting feature of the data. Our internal assessment of SVB firm-specific risk (i.e., not risks associated with the banking industry in general) doubled from between March 1 and March 9, the night before the collapse. The daily assessments of both CS and FRC doubled after the collapse of SVB.

other warning signs

There was another way for depositors to realize that certain banks were unstable. During the hurried takeover of CS by UBS, USD $17 Billion in “alternative Tier 1 capital” bonds became worthless. This kind of “hybrid” bond is structurally similar to preferred equity shares. Calling this security a bond makes it easier to sell to investors, and the “interest” is a tax-deductible expense to the issuing bank. Most AT1 bonds are structured like a convertible bond in reverse, where the issuer decides when the bond should be converted to equity. The CS AT1 bonds were unusual. They were perpetual with no maturity date like preferred equity. The legal covenants were like “catastrophe bonds” issued by insurance companies where specified conditions trigger a “wipe out” of the bondholders. As of late February, the 5.5% CS AT1 bonds were yielding 9.75%, as compared to about 1.4% for long term Swiss government bonds, so the bond market clearly recognized the high likelihood of default.

08 Intelligent Risk - August 2023

We should consider the implications of bank failures on the stability of sovereign creditworthiness. Banks are strongly encouraged by regulation with minimal requirements for capital reserves to hold government debt as their major reserve asset. The government needs banks to function smoothly to keep their national economy out of chaos, so acts as a de facto guarantor. The new combination of UBS/CS will have assets twice the annual GDP of Switzerland. Total Swiss banks assets are around five times GDP. All US bank assets combined are about one times annual GDP. Analytical models of the relationship between national banking systems and sovereign credit are provided in Bodie, Gray and Merton (2007) and Belev and diBartolomeo (2019).

a new approach to preventing bank failure

Let us now turn to our recipe for keeping banks prosperous and out of trouble. We will first consider a bank simply as a pool of assets to be managed to maximize risk-adjusted return for a set of investors. A good example are the private credit funds that have pension funds and insurance companies as participants. We will next consider how having highly leveraged balance sheets impacts an investment entity. Ignoring liquidity concerns and local community considerations, a bank would look very much like a highly levered fixed income hedge fund.

Our goal is to derive an intuitive dynamic risk management policy that is mathematically optimal to ensure that banks stay solvent and yet maximize long term returns to their shareholders, thereby aligning the interests of all stakeholders. Finally, we will illustrate risk calculations that allow both bank management and regulators to observe whether optimal risk policies are being followed from data already at hand.

If an investment entity has no liabilities and an infinite time horizon, their objective is “growth optimal” where the intent is to maximize the expected geometric mean return. If returns are measured in decimal form, then the objective can be stated as a simple expression, as described in Markowitz and Levy (1979).

It is often more convenient to express this equation using the reciprocal of lambda which I will call “risk tolerance” (T), and if returns are measured in annual percentages (more common in banking), the growth optimal value of T is 200. If the investor has liabilities or cares about maintaining solvency (i.e., a bank) during the path to the long-term horizon, T will be smaller making the penalty for taking risk larger. If the financial entity has liabilities (i.e., a bank), the relevant extension was first presented in Litzenberger and Rubinstein (1976) and two papers by Wilcox (2000, 2003).

09 Intelligent Risk - August 2023

The optimal value of T at each moment in time is just the capital ratio of the bank times 200 (e.g., If a bank has 6% capital ratio at a moment in time, the optimal value of T is 12). The intuition is that a bank should have zero risk tolerance with respect to fulfilling liabilities. The available surplus can be invested to maximize long-term growth to benefit shareholders. This does not imply holding two portfolios but rather maintaining the optimal level of T over time to maximize U, given the set of available return/risk tradeoffs of the assets the bank can choose to hold on its balance sheet.

optimizing bank risk tolerance

Banks have a lot of multiple ways to maintain optimal risk tolerance levels. They can increase or decrease capital (sell or buyback equity shares) as was hastily attempted in the SVB case. They can also Increase or decrease their issuance of Additional Tier 1 capital bonds (issue or call). Most easily done is to increase or decrease asset risk (annual volatility equivalent) through derivatives (CDS, interest rate swaps) used to extend or hedge asset portfolio risks.

To know how to change their risk tolerance (T) to the optimal level given current circumstances, the bank needs to know what T is implied by the current operations. Banks routinely report a short term “Dollar Value at Risk” metric to regulators. A typical report would be “10 trading day horizon at a 95%, confidence interval”.

The derivation of the value of 6 for the coefficient in the second formula is given in diBartolomeo (2021). These formulae assume that banks are calculating their “Value at Risk” in a realistic manner. Such valid VaR estimation requires consideration of several issues including skew and kurtosis of the expected distribution of asset returns (e.g., credit risk creates negative skew), illiquidity of bank assets, and the aforementioned issue of unrealized losses in asset value that have not yet been recognized on financial statements.

The issue of higher moments in the distribution of expected asset returns is addressed in diBartolomeo (2023). These effects are routinely captured in VaR estimation. The issue of banks holding illiquid assets while having “at call” liabilities is well modeled in Acerbi and Scandolo (2008). Their process is for the bank to maintain an explicit liquidity policy that says, “we will be prepared to liquidate P percent of our total assets in N trading days”. The expected loss of asset value associated with a “fire sale” of bank assets can then be added into the estimated “Value at Risk”. With respect to the potential of bank runs, the value of P should clearly be tied to uninsured deposits.

Since VaR represents potential dollar losses on a portfolio of financial assets, we should also add in unrealized losses as these losses will be realized if immediate liquidity is required to meet withdrawals. Increased VaR values may require banks to add to liquidity and capital.

10 Intelligent Risk - August 2023

Given the probabilistic nature of the unrealized losses being realized in the future, this issue belongs in the realm of risk management, not financial accounting.


We assert that most bank failures are the result of business policy decisions wherein risk management practices required by regulators are always seen as a cost to shareholders. By framing the policy decisions of a bank in a fashion similar to a hedge fund, we can take advantage of a great deal of economic theory that would guide bank managements to optimal behavior, aligning the interests of shareholders and regulators to greatly minimize the likelihood of bank failures.

The general principle is that bank risk management policy should be dynamic through time and reset frequently to the level which is optimal for both regulators and shareholders given market conditions and the degree of leverage on the bank’s balance sheet. Successful implementation of such a process is dependent on accurate estimation of Value at Risk, inclusive of the effects of asset illiquidity, higher moments in asset returns, unrealized losses, and potential transaction costs of greatly accelerated asset sales during a “run on the bank”.


1. Litzenberger, Robert and Mark Rubinstein, “The Strong Case for the Generalized Logarithmic Utility Model as the Premier Model of Financial Markets”, Journal of Finance, 1976, Volume 31(2), pp. 551-571.

2. Wilcox, Jarrod. “Better Risk Management”, Journal of Portfolio Management, 2000, Volume 26(4), pp. 53-64.

3. Acerbi, Carlo and Giacomo Scandolo, “Liquidity Risk Theory and Coherent Measures of Risk”, Quantitative Finance, 2008, Volume 8(7), pp. 681-692.

4. diBartolomeo, Dan. “Simplified Investment Performance Evaluation”, Journal of Performance Measurement, 2021, Volume 25(3).

5. Jiang, Erica Xuewei and Matvos, Gregor and Piskorski, Tomasz and Seru, Amit, Monetary Tightening and U.S. Bank Fragility in 2023: Mark-to-Market Losses and Uninsured Depositor Runs? (March 13, 2023). Available at SSRN: https://ssrn. com/abstract=4387676 or

6. Mitra, Leela, Gautam Mitra and Dan diBartolomeo. “Equity Portfolio Risk Estimation Using Market Information and Sentiment”, Quantitative Finance, 2009, Volume 9(8), pp. 887-895.

7. Gray, Dale F. and Bodie, Zvi and Merton, Robert C., Contingent Claims Approach to Measuring and Managing Sovereign Risk. Journal of Investment Management, Vol. 5, No. 4, Fourth Quarter 2007, Available at SSRN: abstract=1084683

8. Belev, Emilian and Dan diBartolomeo, “Finance Meets Macroeconomics: A Structural Model of Sovereign Credit Risk” in Contingency Approaches in Corporate Finance, Editors M. Crouhy, D. Galai and Z. Weiner, 2019. World Scientific.

9. Markowitz, Harry and Haim Levy, “Approximating Expected Utility by a Function of Mean and Variance”, American Economic Review, Volume 69(3), pp. 308-317.

10. Wilcox, Jarrod. “Harry Markowitz and the Discretionary Wealth Hypothesis”, Journal of Portfolio Management, 2003, Volume 29(3), pp. 58-65.

11. diBartolomeo, Dan. “Investment Performance Evaluation when Returns are Not Normally Distributed”, Journal of Performance Measurement, 2023, Volume 27(2), pp. 10-16.

11 Intelligent Risk - August 2023

peer-reviewed by

Dan diBartolomeo

Dan diBartolomeo is founder and president of Northfield Information Services, Inc. He serves as PRMIA Regional Director for Boston, as well as on boards for several financial industry associations including IAQF, QWAFAFEW, BEC and CQA. Dan spent eight years as a Visiting Professor in the risk research center at Brunel University in London. In 2010, he was awarded the Tech 40 award by Institutional Investor magazine for his analysis that contributed to the discovery of the Madoff hedge fund fraud. He is currently the co-editor of the Journal of Asset Management and has authored nearly fifty research studies in peer review publications.

12 Intelligent Risk - August 2023


the heartbeat of the organization in an era of resilience

The success of an organization in an unpredictable, chaotic, and emerging AI-supported world depends on its ability to cultivate a resilient culture that adapts to changing circumstances. This resilience is crucial in mitigating both indirect and direct risks, which, if they materialize, could lead to a temporary or permanent disruption to the organization.

Regardless of size or type, the heartbeat of any organization is its operations. Understanding an organization’s functions, processes, technology, data, people, physical structures, governance, and policies will depend on the layers of defense that exist to keep the organization functioning. In the world of operational resilience, the three layers of defense of the organization work together, adapt to emerging risks through micro-change management processes, scenario analysis, and risk journey experiences. Exercising the heartbeat, and the entire organization into a condition of desired resilience readiness and maturity can be accomplished by defining what operational resilience means for your organization.

The 2023 Global Risk Report from the World Economic Forum explores the need for an investment in multi-domain, cross-sector risk preparedness to help support a collective approach in building global resilience. Due to the interconnectedness of risks through various environments, the inherent nature of abrupt or chaotic changes in global risk landscapes, emergence of a polycrisis, and the eventual costbenefit requirement that most organizations abide by to make decisions. So, how do organizations still manage chaos knowing that there are organizational impediments in doing so?

This article explores the world of emerging risks and how operational resilience will play a vital role as a mechanism for reducing the emerging and systematic risks that are already impacting organizations globally. Operational resilience is built upon an understanding of the organization’s operations and, most important, stresses the role of people and their education in making these changes stick. Intelligent Risk - August 2023 13

a culture of resilience

When faced with challenges, unpredictability, and in need of effective strategic alignment, developing a culture of resilience is crucial for individuals, communities, and organizations to prosper. In the world of business, this uncertainty can be likened to chaos, and an organization’s ability to navigate and utilize chaos effectively is referred to as business resilience.

Resilience is to embrace chaos and leverage its potential to facilitate necessary changes within an organization’s processes, technology, people, knowledge, work environment, community engagement, communication, and governance. If chaos is risk, then resilience means thriving as a collective, to attain strategic goals and the expectations of those that depend on the organization to continue functioning, regardless of if a risk is realized. A culture of resilience within an organization means everyone has a shared responsibility in its ability to operate. The challenge: very few organizations know where to start. The opportunity is that operations are always at the heart of each organization, and that is why resilience planning needs to start there.

Traditionally, most organizations utilize industry standards in business continuity, risk management, occupational health and safety, cybersecurity, etc. to build frameworks, processes, programs, and hire skilled labor or specialized agencies with various approaches. Due to lessons learned during the COVID pandemic, inflation, challenges with supply chains, labour, and countless other factors, rising costs are adding additional complications in the ever-complex environment of risks. Mitigating potential disruptions requires a combination of emerging risk methodologies such as operational resilience to challenge the status quo in risk management and enhance lines of defenses. Due to its reliance on having a methodology that incorporates multi-line-of-defense domains and fosters adaptability across different sectors, operational resilience is one solution to support risk identification, mitigation, change, response, and recovery.

building operational resilience

Skilled labor, specialized knowledge processes, capacity management, effective communication and cycles help drive operational risk and resilience strategies forward for organizations. While operational resilience is an emerging discipline, it will require intensive planning for risk mitigation, technology solutions to help aid in that planning, and innovating digital or physical process changes within your organization to help it evolve in a competitive environment and to adapt to emerging risks.

In understanding the risk landscape, line of defense controls involved during “business as usual”, the stakeholders’ responsibilities to support risk mitigation actions or recovery efforts, and all the processes, functions, technologies, data, and people which contribute to the enhanced understanding of what resilience means to any organization, you begin building a vision of what resilience means for your organization.

14 Intelligent Risk - August 2023

With a strong vision of becoming a resilient organization, the primary goal of attaining operational resilience is empowering the key technical, business, and external vertical stakeholders in making actual change to the organization. Operational resilience takes it a step further by leveraging strategies and tactics to enable certain processes of creativity with the intent of reducing the burden on resources and capacity. As an example, a unique method of risk reduction using creativity through perspective analysis using agile-user stories during scenario validation exercises is to understand the perspectives of key stakeholders to ideate operational-resilient change opportunities.

While every organization is different and will define the scope of operational resilience differently, the most common factor regardless of the methodology is that the heartbeat’s most critical functions and dependencies will always need the people behind each beat. A proposed operational resilience framework and adaptability into existing lines of defense processes is published in the Journal of Business Continuity and Emergency Planning: “How to build more resilient businesses and communities – A proposal.”

People are the foundational building block of building a culture of resilience, the next block is the ideas that we bring to life to bring about resilient change within organizations. Finally, it is how we make sure that the ideas we implemented keep running the way they are intended to do so, regardless of the disruption or realized risk.

Empowering your people through upskilling can result in enhanced understanding across your organization in areas such as defense maturity and operational readiness. Providing professional learning opportunities for your teams will also prepare your people to better understand lines of defense and the highly sought after that encompasses all lines of defense. Such learning will empower your teams to identify and understand the risk journey and to assist in the development of sound resilience strategies for your organization. One example of professional learning in operational resilience is the course, Operational Resilience, offered at Seneca Polytechnic. Designed for working professionals, the courses provide learners with the foundational capabilities of building operational resilience within their respective organizations.


To bring the heart and the organization together to build a culture of resilience, remember, “Alone we can do so little; together we can do so much.” - Helen Keller. A culture of resilience is all-encompassing, with a common goal of making the organization and its people thrive in the face of adversity.

the critical role of people
15 Intelligent Risk - August 2023

Martin Gierczak

Martin Gierczak takes pride in helping businesses and organizations ‘bounce back’ from shocks but also internalize growth and development strategies so the organization can evolve and adapt to dynamic and interconnected environments. His expertise ranges from business continuity, crisis management, emergency management, IT disaster recovery, health & safety, wellness, Lean Six Sigma, Agile, Information Mapping, and project management for financial, service, government, and not-for-profit organizations for the past 10 years.

Martin’s unique methodology in operational resilience encompasses several professional disciplines and synthesizes the framework to be adaptable for organizations to implement regardless of the size or industry to help build more resilient organizations. His paper on operational resilience is published by the Journal of Business Continuity & Emergency Management and titled “How to build more resilient businesses and communities”. He is a coalition member of Climate Proof Canada, a mentor with The Forum, the City of Markham’s small business digital resilience program, Disaster Recovery Journal, Business Mentors Network, and the Ontario Association of Emergency Managers (OAEM).

Currently, Martin is a professor at Seneca Polytechnic for operational resilience, Project Management Specialist of Operational Resilience with the Bank of Canada and serves as OAEM’s Director of Communications.

author 16 Intelligent Risk - August 2023

ESG rating agencies differ in their approach to judging how aligned companies are to ESG pillars. Variation arises from their methodology but also their data sources, scoring systems and other factors. This article explores this range and discusses the chorus of voices calling for standardization akin to that of credit rating agencies.

ESG scoring and its viability for future investing

Environmental, Social, and Governance (ESG) scoring is gaining momentum and is a prominent indicator that determines if a company is “socially responsible”. Since social responsibility is in essence a subjective notion, subsequently so is socially responsible investing – and ultimately the growing requirement for ESG rating agencies. Nevertheless, every emerging initiative comes at a cost alongside numerous challenges. In the case of ESG scoring, challenges include the lack of data, ambiguity of scoring, qualitative data considerations versus quantitative, non-uniformity between ESG rating agencies, evolving regulations and many more. This article explores those challenges, the different ESG rating agencies’ calculation methodologies, and evolving ESG rating regulations.

ESG scoring measurement

In order to assess a company’s sustainability practices and approach to managing ESG risk, data analytics companies developed ESG risk ratings that measure a company’s ESG alignment practices resulting in a score (similar to the traditional credit scoring developed by rating agencies, which are monitored on non-ESG parameters). The score is calculated against an ESG matrix and expressed in various formats, such as a number scale, which can be 1 to 10 or 0 to 100 (the higher signifies an improved alignment to ESG pillars), simply based on a letter system, or built on five risk levels, such as negligible, low, medium, high, and severe.

ESG scoring systems are also classified into two categories: industry specific or industry agnostic. Industry-specific scoring systems evaluate topics that have been considered material to the industry at large. Industry-agnostic ESG scores attempt to combine widely-accepted factors that are vital across industries.

Synopsis introduction
Intelligent Risk - August 2023 17

ESG scoring is measured against each of the three risk pillars:

• Environmental: GHG emissions, improvements in water and resource efficiency, and development of ecofriendly products

• Social: stable supply chain management, fair trade systems, securing and nurturing talent, and the company’s overall relationship with stakeholders

• Governance: legal and compliance issues in Board operations, independent professionalism, diversity of board of directors, and development of a long performance-linked remuneration system

ESG rating agencies

ESG scores are provided by several third-party providers, such as researchers and analysis firms. These companies include Bloomberg, Refinitiv, RepRisk, MSCI, and many more. There are more than 140 different ESG data providers.

Table 1 below summarizes some of the different agencies that report ESG scores, detailing the rating scale adopted and the area of measurement.

18 Intelligent Risk - August 2023
Table 1: ESG Rating Agency Scales

ESG scoring measurement

Data by ESG rating agencies is collected by two means: either self-reported or from publicly available data sets. Some agencies may exclude self-reported data entirely and only depend on publicly available data. Some rating agencies also adopt artificial intelligence (AI), leveraging machine learning into their data screening process.

These agencies review publicly available data and conduct primary research with company management about the organization’s sustainability efforts. Still, based on ESG rating agencies’ varying data collection approaches, assigning a final ESG risk score can be perceived as potentially subjective and biased.

The deficiency of ESG scores lies in the fact that every agency deploys its own methodology, analysis, and algorithms in evaluating ESG metrics. This is mainly attributed to the measurement, differential weighting, and sources of the ESG data and factors, which presents what could be viewed as misaligned standards. For example, this allows Shell, an oil company, to boast a higher sustainability score than Tesla, a company that makes electric vehicles using renewables. Many industry players argue that this differential is justified since the ESG evaluation and scoring is so subjective, requiring investors ultimately to evaluate each rating score against the agency’s methodology, then to compare both to ensure a company’s portfolio objective is in line with ESG risk versus return.

On the other hand, the benefits of ESG scoring are numerous. Generally, the market view is that companies with better ESG scores are more equipped to face future climate change-related and socioeconomic risks, are more inclined to long-term strategic thinking, and are committed to long-term value creation rather than short-term gains. According to research conducted over 1,000 academic papers published between 2015 and 2020, a positive relationship between ESG and financial performance was exhibited (Whelan, Atz, Clark 2020).

Table 1: ESG Rating Agency Scales (continued)
19 Intelligent Risk - August 2023

ESG rating agency regulation

Subsequent to highlighting ESG scoring benefits, the requirement for increased uniformity between ESG rating agencies is becoming apparent. Note that ESG rating agencies are not regulated in the same way as credit rating agencies, for which regulation now requires uniform calculation methodologies to increase transparency. Additionally, on November 22, 2022, the Financial Conduct Authority (FCA) announced the formation of a working group to develop a voluntary code of conduct to address growing concerns around labelling and provision of ESG benchmarks. The FCA also supported a paper published in June 2022 titled “ESG integration in UK capital” (CP21/18, from clause 2.32), which highlighted strong support for an internationally unified approach following the International Organizations of Securities Commission’s (IOSCO)1 recommendations.

ESG ratings are gaining importance among investors and financial institutions for their ability to demonstrate the alignment of a company’s ESG initiatives. The main requirement is to maintain a healthy ESG rating in comparison to competitors and peers in order to form a competitive advantage. ESG rating agencies continue to develop and improve the rating measurement process, and these agencies play a vital role in transitioning to a sustainable world. Nevertheless, investors should bear in mind the differential evaluation criteria between rating agencies and the requirement to match these criteria to a company’s portfolio and strategic profile to minimize conflict of interest and misinterpretation, which can be detrimental to investor confidence. Nonetheless, ESG scoring is predicted to continue gaining in importance as a futuristic investing mechanism - with high reliance on ESG rating agencies.

1. Polsk, Deloitte. “Comparing Rating Agencies and ESG Methodologies - Deloitte US.” Deloitte, 2022, content/dam/Deloitte/ce/Documents/about-deloitte/ce_table_ratings_esg_eng.pdf.

2. “9 Best ESG Rating Agencies - Who Gets to Grade?” The Impact Investor | ESG Investing Blog, 18 Feb. 2023,

3. Macrì, Letizia. “ESG Rating: What’s the Future?” Corporate Disclosures, 2023, opinion/esg-rating-whats-the-future.html.

4. Clark, Whelan Atz. “ESG and Financial Performance - NYU Stern.” NYU, 2020, assets/documents/NYU-RAM_ESG-Paper_2021%20Rev_0.pdf.

2 / IOSCO is an independent, non-profit organization, which incorporates public securities regulators internationally. 20 Intelligent Risk - August 2023

Nadia AlQassab

Nadia AlQassab is a Senior Lecturer at the Banking and Finance Center at the BIBF. She holds the Professional Risk Manager (PRM), the Sustainability and Climate Risk (SCR) Certificate, and an MBA in Business Administration from Strathclyde University. She previously worked as the AVP Market Risk Senior Manager at Gulf International Bank (GIB) and Head of Market and Middle Office Desk at Bank of Bahrain and Kuwait (BBK). She was chosen in 2009 as an Executive Trainee, with a fast-track career in BBK and was re-selected in 2020 as part of the Ashridge leadership program (the first leadership program for senior managers developed in BBK). She also participated in the first mentorship program initiated by BBK. Additionally, Nadia has served as a parttime lecturer with Ernst and Young.

author 21 Intelligent Risk - August 2023


A recent survey on risk culture reveals the need for companies to embed a risk culture across the organization instead of it only existing in the executive functions. It also shows trends in the top risks noted by respondents from around the world, reflecting the recent upheaval and uncertainty in society and the environment.

research shows that culture really does eat strategy for breakfast

From record heatwaves and rising macro uncertainty to further hype around generative artificial intelligence (AI) and its rapid adoption, the hazards and opportunities facing organizations today require more critical thinking than ever before, and a recent global survey and report, “Risk Culture:

Building Resilience and Seizing Opportunities”, published by the Association of Chartered Certified Accountants (ACCA) together with the Association of Insurance and Risk Managers (Airmic) and the Professional Risk Managers’ International Association (PRMIA), unravels what our respective members think about risk culture and to what extent it helps or hinders their ability to navigate this fast-changing world.

key results

The key findings of our first-of-a-kind study are that risk conversations continue to happen in a vacuum at the top of organizations. While we see a will to improve risk culture, engagement across roles and functions requires much more engaging and careful communication than what is actually happening in practice. Overall, we found that everyone needs to be aware of risk because in today’s highly interconnected world, even a weak risk culture is better than none.

At the heart of our joint-research was an online survey, which attracted 1,823 responses – more than the World Economic Forum’s Global Risks Report 2023. Conducted during the last two weeks of October 2022, the survey was followed by an online community platform, one-on-one interviews, and other roundtable discussions, together allowing us to gather perspectives from over 2,000 risk and financial leaders around the world and across a wide range of industries.

Intelligent Risk - August 2023 22

ACCA is also including the questions in its quarterly Global Economics Conditions Survey (GECS) reports, so organizations can benchmark the data going forward and gain a better understanding of how and where risk is evolving from the accountancy professionals’ perspective.

When asked ‘what do you believe are the top three risk priorities at your organization today’, respondents of ACCA’s 2023 Q2 GECS survey showed that ‘regulatory, legal, compliance’ risks had dropped from first to fourth place since the survey in October 2022, with ‘economic inflation, recession, interest rates’ moving from third to first place and ‘talent scarcity, skills gaps, employee retention’ rising from fourth place to second.

Respondents from the Caribbean and Central and Eastern Europe were the only two regions that didn’t have ‘economic inflation, recession, interest rates’ as their first risk priority in 2023 Q2, with ‘regulatory, legal, compliance’ and ‘talent scarcity, skills gaps, employee retention’ taking the top spots, respectively, this time around. Interestingly, North America was the only region to see ‘logistics, supply chain disruption, supply shortages’ move into the top three risk priorities since October 2022, while Central and Eastern Europe was the only one with ‘misconduct, fraud, reputational damage’ in the top three; it tied with ‘economic inflation, recession, interest rates’ as third.

insights and calls to action

Responses to other questions, including ‘what do you feel is the most underestimated risk facing your organization today’, not only show just how lagging and lacking governance is at even some of the most mature companies, but also underline the power of questioning in informing major decision makers and ensuring positive risk-taking.

Risk and accountancy leaders can together “forage for information” and think beyond their limitations of knowledge to ensure their organizations make the most of today’s disruption.

As part of the report and overarching campaign to support our professions, we created the following 10 calls to action to help organizations assess where improvements can be made:

23 Intelligent Risk - August 2023

1. Empower risk leaders to drive risk culture and influence behaviors through a common language.

Risk knowledge should be shared and discussed together across functions. Risk leaders must reach out to others and not wait to be approached to discuss mutual interests that are critical to the organization (such as the key performance indicators (KPIs)), making team members feel involved in matters that affect them.

2. Resist the danger of tunnel vision when faced with a multitude of risks.

We see an understandable tendency for people to focus on the immediate issues relevant to their job, meaning that larger risks are ignored and a lack of diversity of thought informing decision making materializes. Getting risk conversations happening up and down the organization consistently is the secret sauce of a successful risk culture.

3. Assess the behaviors driving both good and bad outcomes.

Behavioral analysis provides rich insights about stakeholders’ attitudes that don’t make it into out-ofdate risk reports. Senior management should optimize that knowledge by linking it to strategy and policy, improving corporate governance, due diligence, and decision making.

4. Don’t mistake a “tick the box” compliance approach as true, value-added risk management.

Organizations should focus on the outcomes that rules and regulations seek to engender. In many ways, a compliance culture is the antithesis of a good risk culture. An effective risk culture enables the organization’s people to understand and take on the right risks in an informed manner and rewards them for this.

5. Consider how you define the role of accountants in risk culture, particularly on reconciling ethics with profits.

The complexities of today’s evolving business models mean accountancy professionals should be reviewing any conflicts with stated values and deciding whether opportunities are in line with desired ethics.

6. Communicate risk appetite and its purpose to help guide behavior and inform better decision making.

In the absence of a clearly defined risk appetite, decision-making will ultimately be reduced to personal judgment, which can depend dangerously on inference and is subject to bias.

7. Eliminate the fear factor by creating a “hands up” culture through visibility and leading by example.

Risk and accountancy professionals, in their various roles setting up risk governance processes, can intentionally affect the environment and how safe team members feel. Speaking up about risk is a behavior that organizations can and should encourage.

8. Measure and incentivize the risk culture you want by ensuring “everyone owns it”.

Risk culture is a crucial aspect of organizational culture given today’s risk landscape, and we found a direct correlation between a better understanding of risk footprint and enhanced working relationships and job satisfaction.

24 Intelligent Risk - August 2023

9. Promote good governance through role clarity and knowing who is responsible and accountable for what.

Leaders must ensure there is a clear distinction between responsibility and accountability, and that staff know what they are individually liable for. It won’t only be regulators stepping up their scrutiny; everyone is raising their expectations in today’s digital, vox pop world.

10. Coordinate multi-stakeholder engagement for pro-society outcomes.

Industry bodies must collaborate more with regulators to ensure that risk and financial professionals are well-informed and that communications between practitioners and policy makers are more meaningful and less geared to a “box ticking, being compliant” style of management.

Figure 2: Risk culture supervision
25 Intelligent Risk - August 2023

What do you believe is the most underestimated risk facing your organization today?

‘Climate change regulation and its impact on clients’, ACCA member in Ireland.

‘The financial market boom is underestimated by organizations, which may lead to inappropriate investment appraisal’, ACCA member in China.

‘A mass liquidity event in the market has been a concern. I think many businesses, organizations, and industries have failed to properly evaluate catastrophic low-probability risk events. The ability to continue as a going concern should be paramount. Sometimes a pure EV [enterprise value] look on things opens the door to potentially having to stop playing the game altogether. Staying in the game should be paramount’, ACCA member in USA.

‘Potential market disruption caused by AI to part of our customer base and our readiness for the impacts’, ACCA member in New Zealand.

‘Greenwashing, cheating risk and potential fraud’, ACCA member in Vietnam.

‘Skill and capability shortages across the sector and nation’, ACCA member in Scotland.

‘Non-adaptability of technological advancements’, ACCA member in Pakistan.

‘Customers’ changing demands’, ACCA member in Saudi Arabia.

‘Talent shortages due to migration to more stable and advanced economies’, ACCA member in Nigeria.

‘Risks in CEE [Central and Eastern Europe] due to the war in the Ukraine, including potential nuclear leak’, ACCA member in Poland.

‘Government and Bank of England having opposing economic approaches will lead to recession or a long period of stagnation’, ACCA member in the UK.

‘Succession risk’, ACCA member in Sri Lanka.

‘Fraud’, ACCA member in Hungary.

‘A prolonged period of high interest rates shall result in the need to pass this through the deposits, narrowing down the NII [net interest income] margin, and this may coincide [with] an economic cycle of recessionary times, making bank funding even more scarce and difficult to raise’, ACCA member in Greece

‘With economic hardships, staff may make fake deals with suppliers’, ACCA member in Malawi

‘Employees [not] understanding the strategy and vision of the company’, ACCA member in England.

26 Intelligent Risk - August 2023

Carl Densem


peer-reviewed by Rachael Johnson

Rachael Johnson is ACCA’s Global Head of Risk Management and Corporate Governance for Policy and Insights, and author of the recent report, Risk Culture: building resilience and seizing opportunities, published jointly by ACCA, Airmic, and Prmia.

Rachael has over two decades’ experience creating thought leadership on a range of financial topics, including risk, responsible investing, sustainable finance, regulatory change management, and risk governance. As the secretariat of ACCA’s Global Forum for Governance, Risk and Performance, she also advocates and provides comments for consultations for policy makers. In January. 2022 she set up ACCA’s Chief Risk Officer and Heads of Risk Forum and was awarded the DCRO’s prestigious Risk Exemplar’s award. Additionally, she is a member of both the Accountancy Europe’s (AcE) Corporate Governance Policy Group and the Business at OECD (Biac) Corporate Governance Committee, which is currently supporting OECD in revising the G20 Principles of Corporate Governance. She also serves on the ESG Exchange’s Technical Committee.

27 Intelligent Risk - August 2023

Stricter banking regulations and supervision implemented after 2008 were thought to have ensured banking system stability. The collapse of several noteworthy banks in 2023 disproved that. This article examines the basics of banking system interconnectedness and provides some additional policy recommendations.

systemic risk is back

After the collapse of Lehman Brothers in 2008, both bank regulators and the banks themselves engaged in a scramble to shield the system to prevent future bank failures that could spread throughout the system through interconnections. These included stricter criteria for bank capital adequacy, short-term and structural liquidity, and market risk, as well as enhanced supervision. Despite these efforts, in 2023 we became spectators to a series of episodes that shook everyone. First with the collapse of Silicon Valley Bank (SVB), Signature Bank (SB), then the Swiss giant Credit Suisse (CS) and First Republic Bank. While the first, second and fourth banks were not large enough to be considered systemic, so were not under the strictest supervision of the authorities, the fact that the second is not only systemic but also a major player in global banking was a very big negative surprise that shook the markets and woke up the fear of a new domino of bank failures. The Swiss government rushed to close the deal between Credit Suisse and UBS, considering this move to be the best available option to restore confidence in the markets. Next, Deutsche Bank found itself under the microscope of market participants, being under significant pressure, which was reflected in the increase of its CDS (the Deutsche Bank 1-year CDS surged from 46.703 on the 7th of March 2023 − to 225.132 on the 28th of March 2023, exhibiting a huge spike within the last three days).

The threat was back, but it looked like the system was more ready this time, due to academics, regulatory authorities and market participants having worked in the same direction. Although these efforts did not succeed in avoiding these three bank collapses, they did prevent a full-scale systemic risk event.

In the next sections, we review some basic concepts and make some policy recommendations.

Intelligent Risk - May 2023 28

systemic risk and banking interconnectedness

Although there is not a unique and widely accepted measure of contagion and systemic risk, both are closely related to banks’ synchronized behavior and correlated portfolios. Measures like conditional valueat-risk (CoVaR), which is the value at risk conditioned on the distress of institutions, and SRISK, which measures the capital shortfall of a firm conditional on a severe market decline, are used to quantify them. Nevertheless, those measures do not take into account the interactions within the banking system.

Interconnectedness can be measured by three equally weighted indicators, the intra-financial system’s assets, liabilities and bank debt, and equity securities. We distinguish the interconnectedness into two categories: direct and indirect. The first category refers to explicitly documented or otherwise directly observable links between entities through financial transactions, obligations, contracts, and other arrangements or relationships. Credit exposures between banks are among the most basic types of direct interconnectedness. The second category refers to the channels through which the distress of one entity can affect the distress of another entity, even in the absence of a direct link between the two. Ways in which distress can propagate between ostensibly unrelated entities include exposure to common assets, markto-market losses, margin calls and haircuts, shadow banking and information spillovers.

The pre-requisite to assessing systemic risk and interconnectedness is to identify the structure of a financial network. This allows the analysis to concentrate on how risk spreads from one node to the next.

To evaluate the resilience of a given network, two actions, each requiring multiple decisions, must be taken. First, the network should be subjected to a hypothetical shock, which necessitates determining what type of shock is suitable for analyzing the specific risk being evaluated. Endogenous shocks originate from within the network (e.g., the default of a bank in a banking network), while exogenous shocks originate from outside the network (e.g., a significant macroeconomic event). Moreover, to be considered is whether shocks are idiosyncratic (in which case they initially affect only one node) or common (in which case they affect numerous nodes simultaneously). Second, the propagation of the impact through the network should be analyzed. The propagation of a shock requires certain assumptions regarding the transmission of stresses between interconnected components. Stress can be transmitted sequentially, from one node to the next, or simultaneously, to multiple nodes at once. Shock propagation can be mechanical, or behavioral (e.g., trading methods based on heuristics), or both.

policy observations

When it comes to macroprudential regulation, either all the potential dangers have to be identified to set buffers against sudden changes, or shock absorption may be utilized to enhance resilience. The failure of the banking supervisors to detect the risk that ultimately brought down SVB, SB, CS and First Republic Bank is the point to focus on.

29 Intelligent Risk - August 2023

This is consistent with the current school of thought in financial regulation, which emphasizes a comprehensive inventory of potential threats before formulating rules and buffers to keep the risks away. Notably, the pool of potential threats and risks should accommodate the financial system in a broader sense, including non-systemically important banks, investment banks, shadow banks, asset managers and even insurance companies.

The other option is to make the banking system more resilient by improving its capacity to absorb shocks. The banking system, contrary to widespread assumption, is very robust, able to weather virtually any storm. Authorities might leverage this innate resilience to improve shock absorption, making the system more resilient to failures like SVB, CS and First Republic. The banking system can be diversified to achieve this, by issuing more bank charters, reducing concentration risk by spreading their risks across industries and asset classes, and lowering the impact of an industry downturn on the banks’ loan portfolios. The Basel III framework ensures banks have enough capital to sustain losses. Additionally, banks may transfer risks by insuring against natural disasters or cyberattacks. However, the findings about the true impact of diversification are still mixed1. Diversification actions in the direction of eliminating risks are happening with the rise of competition with non-financial institutions and FinTech or BigTech companies. Therefore, regulation should also be rethought. Basel III was written in a period during which nominal interest rates were falling, leading to banks’ assets’ appreciation; however, the regulatory framework should entail provisions for (especially aggressive) increasing interest rate periods, which would lead to a more dynamic and counter-cyclical approach to liquidity ratios. More variety means higher shock absorption in the system. This means rules can be made less onerous and cheaper to implement. The benefits would include faster economic growth, cheaper regulatory costs, and reduced systemic risk.

30 Intelligent Risk - August 2023
1 / Banwo, O., Harrald, P. & Medda, F. Understanding the consequences of diversification on financial stability. J Econ Interact Coord 14, 273–292 (2019).

Veni is a macrofinance and financial econometrics expert with more than fifteen years of experience in research, teaching, and the banking industry. She works as a Senior Economist at Piraeus Bank, and she is an Industry Associate at the UCL Center for Blockchain Technologies. Her research interests are systemic risk, macroeconomic uncertainty, and the implications of both for asset pricing and portfolio allocation. Recently, she has also worked on the effects of technological innovation on financial intermediation and systemic risk.

Veni holds a bachelor’s degree in mathematics from the National and Kapodistrian University of Athens and a PhD in financial econometrics from the Athens University of Business Administration.

Disclaimer: The views expressed are those of the author and do not necessarily reflect those of the Piraeus Bank.

Dr Andrea Calef is a Lecturer in Economics at the School of Economics of the University of East Anglia and a research member of the Centre for Competition Policy. Andrea conducts micro applied research in banking, international finance, and systemic risk as well as ESG Investing, FinTech and Crypto with focus on both investment and policymaking perspectives, due to his previous working experience at the European Central Bank and at a renowned asset management. He co-authored various responses to policymakers’ consultation papers. Part of Andrea’s projects are funded by grants (AERC and CERRE).

Piraeus Bank, Greece & UCL Centre for Blockchain Technologies, London, UK. School of Economics, University of East Anglia, Norwich, UK.
31 Intelligent Risk - August 2023
Steve Lindo peer-reviewed by

In this article the author discusses synthetic exposure to financial assets that simulates purchasing an option on the underlying asset without using derivatives. The approach uses the basic Black-Scholes pricing model and Hull’s delta hedging algorithm, which can replicate the trend in financial assets with observable market inputs (FX rates and short-term interest rates) and is tested on Apple and WTI oil futures to show its effectiveness. This provides a valuable contribution for practitioners as a simple and effective solution that can be readily implemented in a spreadsheet macro rather than through an often expensive and administratively complex options-based strategy.

riding out market disruption: an alternative to hedging with options

Challenger retail banks, insurance companies, and fund managers use data effectively to compete directly with longer-established industry incumbents, including more effective and efficient use of fintech-like ‘open banking’ payment systems and enhanced risk simulation modelling implemented alongside flexible cloud and edge computing. Meanwhile there has been comparatively little competition to the products provided by investment banks, meaning that products like over-the counter (OTC) financial option contracts remain expensive and inflexible for purchasers such as treasurers, investors, and insurers.

However, alternative solutions that can leverage the simulation power of cloud and edge computing are now becoming available that may better suit the budgets and operational constraints of purchasers of investment banks financial products. In this article we examine a delta hedging model implemented without options that can be calibrated to suit users’ risk profiles and is cost effective in calculating a hedge ratio based on the historic volatility of the underlying asset rather than the alternative strategy of purchasing options priced using implied volatility.

delta hedging use cases

Opportunities for delta hedging without options are demonstrated by a corporate client approaching a Treasurer to actively manage their Apple share exposure.

Intelligent Risk - August 2023 32 introduction

The corporate client is seeking to maintain exposure in order to participate in Apple share upside but with a lower threshold of risk – essentially the client would like to implement an option roll forward strategy on Apple shares but simulations reveal that using options renders this strategy prohibitively expensive and administratively complex as available option expiry dates do not match the required period of the hedge.

Portfolio insurance without options provides an opportunity to hold Apple shares and cash in proportion to the hedge ratio of a synthetic Apple share option contract. This strategy has the advantage of setting the risk profile of the strategy to match the client’s desired exposure to Apple shares. The Treasurer could implement this Apple share portfolio insurance strategy as follows:

Similar use cases can be constructed for an insurance Risk Manager hedging the interest rate risk of their liabilities by constructing a portfolio of assets that match any movement in the value of liabilities resulting from a change in interest rates to meet regulatory restrictions, a Private investment manager managing a client’s Tesla share exposure, an insurance company underwriting a client’s Bitcoin exposure and a trader arbitraging by selling WTI ICE options and buying delta-hedged WTI ICE futures without using options.

recent market disruption and downsides of options use

In late 2022 US investors turned to buying put options on individual US stocks1 after being frustrated by a controlled decline in the S&P 500 that negated the insurance provided by their short-term S&P 500 put options and VIX volatility index related protection. However, such a strategy is unlikely to be more successful during a prolonged period of market risk. What investors, treasurers, traders and insurers need are flexible hedging solutions that allows them to customise their risk profile then roll their hedge forward cost effectively for as long as they need protection from directional risk caused by market volatility.

As options based hedging strategies increase market volatility by amplifying price movements before fuelling a rebound2, a flexible, non-options based hedging solution would benefit participants who prefer less volatile markets. Delta hedging without derivatives offers long term asset price volatility insurance via a mechanism for gaining synthetic exposure to financial assets through the use of a technique that simulates purchasing an option on the underlying asset with an algorithm that leverages the concept of delta hedging, potentially disrupting the financial options market.

applying delta hedging without options

A delta hedge trading strategy that replicates the performance of an option by buying and selling the underlying asset in proportion to changes in the option’s hedge ratio can be used as an alternative to expensive and operationally complex derivatives.

1 / Investors pile into insurance against further market sell-offs | Financial Times ( 2 / How Options Hedging for Oil Is Turbocharging Volatility (
33 Intelligent Risk - August 2023

A spreadsheet model with embedded macros replicating Hull’s3 Black-Scholes4 based delta hedging technique with a market momentum and trade reversal suppression measure was calibrated using:

1. Bank of England US$ vs £ exchange rates, 1-month US LIBOR and geometrically weighted historical US$ vs £ exchange rate volatility to simulate 91-day options.

2. S&P 500 daily returns, 1-month US LIBOR and geometrically weighted historical S&P 500 daily return volatility to simulate 91-day options.

Using this model with Apple shares (AAPL)5, 91-day AAPL options were simulated from 2011 to 2023. Figure 1 shows comparative cumulative 91-day plan performance figures for log-returns of unhedged AAPL shares, delta hedging without options and 1-month US LIBOR.

In order to assess the model’s success in replicating options, Figure 2 plots the quarterly return of each of the 44 replicated options against unhedged AAPL share price return which should be similar to the option’s pay-off diagram taking account of the lower cost of the hedge (using historic rather than implied volatility).

replicate Options

3 / Hull, J. C. “Options, Futures, and Other Derivatives” 3rd edition Prentice Hall 1997 Pages 312 - 317

4 / Black, F. and M. Scholes “The Valuation of Option Contracts and a Test of Market Efficiency”, Journal of Finance, 27 (May 1972), 399-418 5 /

Figure 1: Delta Hedging without options vs AAPL share price (2011-23) Figure 2: Plot to assess how well AAPL Delta Hedging without Options
- August 2023
Intelligent Risk

Another assessment of the model’s success in replicating options, plotting the quarterly return of each of the 44 replicated options against unhedged AAPL share price return as a bar graph, is shown in Figure 3.

Using Amazon and Tesla share prices produced consistent results to Apple.

Using the same model with WTI ICE Future prices6, 91-day WTI options were simulated from 2011 to 2023.

Figure 4 shows comparative performance figures for WTI, delta hedging without options and 1-month US LIBOR were then generated based upon these calculations for the entire simulated period by cumulating consecutive 91-day plans. 6 /

Figure 3: Bar diagram to assess how well AAPL Delta Hedging without Options replicates Options
35 Intelligent Risk - August 2023
Figure 4: WTI ICE Futures vs. Delta Hedging model (2011-2023)

In order to assess the model’s success in replicating options, Figure 5 plots the quarterly return of each of the 46 replicated options against unhedged WTI ICE Futures price returns, which should be similar to the option’s pay-off diagram taking account of the lower cost of the hedge (using historic rather than implied volatility).

Plotting the quarterly return of each of the 46 replicated options against unhedged WTI ICE futures price return as a bar graph, is shown in Figure 6.

Using Brent ICE Futures and Gold Futures produced consistent results to WTI ICE Futures.

Figure 5: Plot to assess how well WTI Delta Hedging without Options replicates Options Figure 6: Bar diagram to assess how well WTI Delta Hedging without Options replicates Options
36 Intelligent Risk - August 2023


Simulated delta hedging trading strategies that take a position in cash and an underlying asset proportional to the hedge ratio of a synthetic option provide a cost-effective alternative to strategies that use options to delta hedge portfolios of equities and commodities. Due to its flexibility, the delta hedging without options model has also been successfully applied to small cap and cryptocurrencies where derivatives (if available) are often illiquid as well as expensive. As delta hedging is based on Black-Scholes, extensions to this model may be included like the volatility smile and fat tails in the underlying asset, but the strategy in turn suffers from known Black-Scholes limitations, such as assuming no arbitrage opportunities and that asset returns follow a lognormal pattern, thus ignoring large price swings that are observed more frequently in the real world.

Malcolm is a Chartered Member of the Chartered Institute for Securities and Investments. As a Certified Practicing Project Manager (CPPM MAIPM), he has more than 30 years’ experience working on projects in the UK and Australia, specializing in market risk, derivatives and commodities. Malcolm has worked as a consultant at companies including Bank of America Merrill Lynch, London Metal Exchange, Nomura, ABN Amro, EDF Trading, Santander and Lloyds Bank and has been a guest lecturer at several universities. Malcolm has had articles published in professional investment magazines and has written several eBooks.

37 Intelligent Risk - August 2023

This article explores the areas which should be of most concern to managers as data privacy laws are rolled out and start to take effect. The author describes five key corporate operational risks that management should review closely in order to implement appropriate measures to comply fully with the stringent requirements of Data Protection and Privacy regimes.

managing data privacy risks in the current corporate environment

introduction to risk

According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected.

ISO 31000 recognizes that all of us operate in an uncertain world. Whenever we try to achieve an objective, there’s always the chance that things will not go according to plan. Every step has an element of risk that needs to be managed, and every outcome is uncertain. Whenever we try to achieve an objective, we don’t always get the results we may expect.

Sometimes we get positive results and sometimes we get negative results – and occasionally, we get both. The traditional definition of risk combines three elements: it starts with a potential event and then combines its probability with its potential severity. A high risk event would have a high likelihood of occurring and a severe impact if it actually occurred.

the arrival of data privacy laws

The coming of privacy regimes for private corporations and public organizations, have focused leaders’ thoughts on the personal data held within their organizations and how best to protect it against various risks these data face. Since the first step towards securing and protecting anything is understanding what you have, an Information Asset Register is crucial.

1 / Other countries with GDPR-like Data Privacy Laws include: Brazil (LGPD), Australia, U.K., Canada, China and Chile. For more details, see:
Intelligent Risk - August 2023 38

An Information Asset Register (IAR) is a database which holds details of all the information assets within your organization. This can include:

• Physical assets such as paper files

• Computer systems

• Data and how you store, process and share it

Creating an IAR helps to make information assets easy to find, share and maintain. This will also help organizations develop and maintain the processing records requirement of GDPR and LGPD for personal data.

Any organization that is required to comply with the relevant privacy regime (GDPR, LGPD, etc.) must conduct regular risk assessments and must implement ‘technical and organizational measures to ensure a level of security appropriate to the risk.’

To do that, organizations need to know what their risks are and how severe subsequent threats may be. Companies need to identify the most appropriate solutions for mitigating risk and ensure they meet the relevant privacy regime’s requirements to:

• Safeguard the confidentiality, integrity, availability and resilience of personal data, processing systems and services

• Quickly restore the availability of and access to personal data after a data breach, and

• Regularly test the effectiveness of technical and organizational measures for safeguarding the security of processing 2

Also, as privacy is a fundamental right for all people, GDPR and other privacy regulations require that organizations fully consider the risks that processing poses to the privacy and freedoms of individuals. Some examples that are more likely to result in ‘high’ risk include:

1. Systematic automated profiling

2. Large scale monitoring of sensitive data

3. Systematic monitoring of a publicly accessible area

The following are five key corporate operational risks (COR) management teams should look at more closely in relation to GDPR, LGPD, and other privacy regimes.

2 / For a full set of measures to enable and support organizations to comply fully with privacy regimes (GDPR for EU, and LGPD for Brazil) and improve their personal data processing operations are detailed in the author’s books (see ‘author’s summary data’ for link to the books).

39 Intelligent Risk - August 2023
corporate operational risks where vigilance is needed

COR 1. Cyber risk

Organizations should have in place, under all privacy regimes, the right Information Asset Risk Assessment Process to detect and investigate a personal data breach and ensure the firm has the right measures in place to notify the individuals impacted and the authorities.

A usual Information Asset Security Risk Analysis and Management Methodology contains the following steps:

• Step 1. Identify Information Assets

• Step 2. Classify and label information

• Step 3. Identify threats

• Step 4. Identify vulnerabilities

• Step 5. Assess security risks

• Step 6. Identify security measures

• Step 7. Document assessment results.

COR 2. Reputational risk

Under GDPR and LGPD, individuals (data subjects in the GDPR and LGPD lexicons) have several rights, including the right to be informed about the data a firm holds, the right of erasure, the right to data portability, and the right to not be subject to automated decision-making, including profiling. Given the sensitive nature of much of the data processing all organizations do on individuals, it’s likely that many firms will be tested for privacy-compliant personal data handling by individuals, consumer groups and other advocate groups.

COR 3. New system/product/service risk

GDPR and other regimes now make it a legal requirement for firms to adopt a privacy by design and by default approach in new system/product/service development. Firms must carry out a Data Protection Impact Assessment as part of new system/product/service development project in many circumstances.

COR 4. Human resources risk

Personal data exist in both computerized databases (e.g., personnel, customer) as well as in the employment records held within the Human Resources function.

HR teams should make sure that all of the GDPR requirements are implemented within the Human Resources’ handling of employee and applicant data. Compliance measures include: an Employee privacy policy, Employee Confidentiality Statement, etc.

COR 5. Compliance risk

The fines that could be imposed for failure to comply with GDPR, LGPD and other regimes can be disastrous. For GDPR they can be as high as €20 million, or 4% of a firm’s annual global turnover.

40 Intelligent Risk - August 2023

It is paramount that management should work with compliance teams to ensure that proper measures and documentation exist to comply fully with the relevant privacy regime to mitigate this risk.


Clearly it makes good business sense for firms to establish procedures and automated mechanisms (software) to monitor data protection and data privacy-related risks, requests from individuals for their personal data, breaches and other events that may impact operations, so that they can track and manage these risks more effectively, as well as report on them to senior management and the board. Understanding these risks will help organizations abide by regulation and thereby avoid costly compliance fines, plus limit other consequences such as corporate reputation and brand damage.

Carl Densem, Elisabeth Wilson


peer-reviewed by John Kyriazoglou

John Kyriazoglou, B.A (Hon), CICA, is a Business Thinker, Consultant and an Author. He is currently the Editor-in-Chief for the Internal Controls Magazine (U.S.A.) and consults on Data Privacy and Security Issues (GDPR, e-Privacy, etc.) to a large number of private and public clients. He has written numerous articles and several books on Data Privacy, Business Management Controls, IT Strategic and Operational Controls, Teleworking and Ancient Greek Wisdom.

For more details, see: Bookboon

41 Intelligent Risk - August 2023


Cyber insurance premiums have increased and insurers are reducing coverage, putting CFOs and risk managers under pressure to negotiate smartly for cyber insurance. Cyber risk is now a significant business risk. Quantifying cyber risk using FAIR enables accurate assessment and cost-effective mitigation. Organizations can make informed decisions by leveraging benchmark data and FAIR analysis, combining insurance with good security practices.

to get the most from cyber insurance, demand more from your information security team

Cyber insurance premiums have seen an 11 percent increase in Q1 2023, as reported by insurance brokerage Marsh1. Insurers are not just raising premiums but reducing coverage as well. This places increasing pressure on CFOs, risk managers and their attorneys to read policy documents with an eagle eye and negotiate smartly on cyber insurance as well as other lines such as D&O, general liability/ CGL, crime insurance, property insurance, which may also provide coverage for a cyber-instigated loss event.

Cyber risk has become a significant business risk. Ransomware attacks have exploded. In 2022, approximately 66 percent of organizations reported to be victim of ransomware attacks, as indicated by a Sophos survey of 5,000 organizations. With “digital transformation” being a top priority for many organizations, the cyber “attack surface” will continue to grow, increasingly impacting corporate operations.

Insurance is just one aspect of the puzzle in “transfer, tolerate, treat or terminate.” CFOs need to understand the entire spectrum of cyber risk and response. That requires normalizing cyber risk as part of enterprise risk. Achieving this goal requires quantification of cyber risk in dollar terms so that it can be aligned with the rest of the disciplines of enterprise risk.

1 / Insurance Journal, Intelligent Risk - August 2023 42
understanding cyber risk in the context of enterprise risk is a broader challenge

But that bumps up against a wall – information security teams have long insisted that cyber is special, unique among risk management disciplines, and can’t be quantified or normalized like other risks. They have often persuaded CFOs and enterprise risk managers of this perspective. Some of the objections to quantifying cyber risk include:

“In cybersecurity, unlike other insurance areas, adversaries are always innovating, so there’s no reliable way to model future conditions.”

“Accurate data isn’t available about security at insured organizations, and anyway the data is always changing.”

As a result, InfoSec managers tend to produce technical reports showing their compliance with frameworks and other best practices. They may also argue – without any measurement – that spending more on controls reduces the risk.

However, they can’t answer direct questions such as:

• “How much cyber risk do we have, in dollars of loss exposure?”

• “What are our top risks for loss exposure and likelihood of occurrence – and what are the main drivers of those risks?”

• “How much cyber insurance do we need – and how can we balance the investment in premiums over time vs. the coverage we purchase vs. the cyber risk we face?”

CFOs and enterprise risk managers must demand more from their security teams. Savvy security teams know that those objections to quantifying cyber risk (lack of a model, lack of data) no longer hold true.

the emergence of a cyber risk quantification standard

Factor Analysis of Information Risk (FAIR™) is a global standard for quantifying cyber, technology and operational risk in financial terms. FAIR is maintained by The Open Group and recognized by the National Institute of Standards and Technology and other risk management authorities.

FAIR enables a statistical value at risk (VaR) model for cyber and operational risk that allows those risks to be quantified in financial terms, on par with other models already in use for assessing credit and market risk. FAIR complements the leading risk management and controls frameworks from NIST, ISO, COSO and more, by providing a common risk taxonomy and risk analysis model.

43 Intelligent Risk - August 2023

Today, the available software and managed services solutions can facilitate the quantification of top cyber risks in financial terms and help determine the most cost-effective risk mitigation initiatives, as well as the appropriate type and amount of cyber insurance coverage.

According to Panaseer’s 2022 Cyber Insurance Market Trends Report, manufacturing, financial services, and healthcare industries make the most cyber insurance claims. Leveraging risk data of those industries into a cybersecurity quantification model like FAIR, business leaders can make smarter investment decisions about cyber insurance for their organizations.

Insurance is often considered to mitigate the effect of unexpected “tail” risks. Quantitative risk analysis gives decision makers a rational, data-driven approach to the problem. First, quantifying the factors that would result from a major cyber attack – for instance, an outage of the main e-commerce site – gives the organization a clear look at a range of probable impacts. Second, quantifying loss exposure gives leadership the direction it needs to set an upper level on risk tolerance. Both sets of numbers are critical to assess current levels of spending and coverage for insurance.

When evaluating insurance options, business leaders should ask the following questions:

• What are our critical assets, and what is their worth?

• What period does the policy cover?

• What attackers and threats are covered?

• How does the cyber policy interact with other insurance?

• What should we insure and what cyber solutions should we update?

benchmark data is now available

The good news is that curated, updated industry data from reliable sources on the frequency and the magnitude of cyber loss events is now available specific to industry, geography, firm size, database size or other characteristics. Organizations can combine this external data with their own internal data and plug into FAIR analysis to achieve accurate, detailed results that support risk-based decision-making.

Backed by quantitative risk analysis, CFOs and risk managers can confidently assess cyber insurance coverage, leveraging detailed knowledge of probable risk based on type or location of a business unit, type of attack (ransomware, social engineering, etc.) or type of loss (revenue drop, legal fines and judgments), among other parameters.

With the application of FAIR, risk analysts can also game out mitigation strategies to assess their effect on risk reduction in dollars. This enables true cost/benefit analysis. Thanks to advances in risk models, software and data, cyber risk quantification analyses for insurance evaluation can be completed in a matter of minutes.

44 Intelligent Risk - August 2023

Buying cyber insurance is not a substitute for good security practices. Insurance companies still require that insured organizations maintain minimum levels of security practices. But buying insurance as part of a fully risk-informed strategy for transfer, tolerate, treat, or terminate risk is increasingly viewed as a best practice. With the ease of implementing quantitative analysis for cyber risk, every organization should adopt the approach to enhance effective risk management.

Peter Ding

Nick Sanna

As President of Safe Security, Nick Sanna is responsible for the definition and the execution of the company strategy that established RiskLens as the market leader in cyber risk quantification. Sanna is also the founder of the FAIR Institute, a non-profit expert organization dedicated to advancing the discipline of measuring and managing information and operational risk, that was named one of the three most influential industry organizations of the last 30 years.

Sanna also serves as a board member of the Internet Security Alliance.

Sanna brings over 25 years of experience in helping organizations leverage technology innovation to drive better business outcomes, with prior roles as President and CEO of RiskLens, CEO of Netuitive and e-Security, COO and Vice President, EMEA, at ASG, and Vice President, Sales and Marketing, at Amplitude. Sanna is fluent in five languages and received a master’s degree in economics and trade from the University of Rome La Sapienza.

author peer-reviewed
45 Intelligent Risk - August 2023

SVB’s sudden demise took everyone by surprise given their lucrative venture capital and tech clients. As a bank, though, poor Asset/Liability management is bound to exacerbate risks, especially if the regulator can not keep an eagle eye on regulated entities. The author walks through the making of SVB’s collapse with lessons for managing through the economic cycle.

balance sheet risk management in stressful times: lessons from Silicon Valley Bank


The risks of the prolonged pandemic crisis of the last three years and the armed conflict between Russia and Ukraine for over a year have devastated many parts of the global economy. The heightened inflation caused by emergency economic measures has led to a rise in policy interest rates and falling yields in bonds. This has exacerbated risks of erosion in the value of investment portfolios built by banks and financial entities during pandemic times when interest rates were ultra-low.

The enormity of the liquidity risks inherent in investment portfolios led to the fall of even some prominent banks in the US. Silicon Valley Bank (SVB), Signature Bank and First Republic had to be closed down, while Silvergate Capital Bank sought voluntary liquidation. The collateral damage caused by the US banking crisis eroded investor wealth amid seismic volatility of stock markets across the globe. The crisis also stretched to Europe where UBS Group AG had to take over Credit Suisse Bank. In the following sections, we look at how liquidity risks, if not managed well, can lead to the collapse of banks.

SVB, the 16th largest bank in the US, focused on serving start-ups, tech giants, and high net worth individuals. When interest rates were at a low ebb, start-ups were receiving more investments. As a result, targeting start-ups and tech companies produced a massive increase in SVB’s deposit base from US $62 billion in December 2019 to US $189 billion by the end of December 2021, taking the total asset size of the bank to US $212 billion.

liquidity risk turns toxic for SVB Intelligent Risk - August 2023 46

While deposits were rising, SVB was not able to lend due to low demand for credit during the pandemic. The inability to deploy resources in loan assets prompted SVB to park deposits in its investment portfolio at low interest rates. Whether such concentration of resources in the securities market at low interest rates was envisaged by the investment and Asset/Liability Management (ALM) policies of the bank is debatable.

ALM and liquidity risk management are the two constituent disciplines of balance sheet management. Liquidity risk is managed by using a structured framework designed to capture the behavior of the residual maturity period of assets and liabilities of the bank in order to measure liquidity gaps in different time buckets. Such liquidity data enables the Asset and Liability Committee (ALCO) of the bank to plan the optimization of resources.

In the melee of high deposit inflows during the pandemic times, SVB invested US $80 billion in mortgagebacked securities (MBS) with greater than 10-year duration and a weighted-average yield of 1.56 percent. In order to manage the yields and mark-to-market (MTM) losses, the bank chose to designate a higher proportion as Held to Maturity (HTM) instruments rather than Available for Sale (AFS) securities, something which banks across the globe opt for as normal risk management practice. Instruments held under HTM are not subject to MTM.

the tipping point of SVB’s liquidity crisis

In the post-pandemic times, the economy started to revive and inflation began to climb to a new high. The central banks in major parts of the globe started to increase interest rates, absorb excess liquidity, and tighten liquidity windows beginning in 2022 to fight raging inflation. Just as central banks were mounting efforts for policy normalization after the pandemic, the new crisis of the Russia-Ukraine war, sanctions imposed on Russia, and other geopolitical risks exacerbated financial sector risks.

As a result of a shift in the macroeconomic setting, the deposit inflows at SVB slowed down. Customers earning low interest rates on deposits placed during the pandemic times suddenly found multiple avenues for better deployment. Higher interest rates elsewhere and liquidity needs prompted them to withdraw their deposits from banks. In these changed liquidity conditions, SVB experienced a high volume of withdrawals. As a result, SVB had to manage heightened liquidity risk which reached a tipping point.

The normal strategies to tackle liquidity risks cannot work when mismatches far exceed the bank’s ability to manage them. When a bank’s liquidity risk appetite is built for normal times, coping with stressful times calls for extraordinary measures.

To cope with its unsustainable mismatch situation, SVB decided to sell part of its AFS portfolio and raise capital. SVB initially sold part of its investment portfolio at a loss in order to garner US $21 billion to shore up its liquidity. Then, on March 9, Silvergate Capital’s voluntary insolvency announcement made it impossible for SVB to tap the equity market and the run on the bank became inevitable.

47 Intelligent Risk - August 2023

When more depositors started withdrawing their money in a matter of hours, many through online transfers, the bank had to start selling more of its assets at losses to fund depositors’ withdrawals. This was the tipping point of liquidity risks that pushed SVB to sell investments in the secondary market at a loss of US $2 billion, leading ultimately to its collapse.

regulators and supervisors need to introspect:

The US Federal Reserve Board conducted a review of the supervision and regulation of SVB and identified certain key reasons for its failure:

1. The Bank’s board of directors and management failed to manage their risks;

2. Federal Reserve supervisors did not fully appreciate the extent of the vulnerabilities as SVB grew in size and complexity;

3. When supervisors did identify vulnerabilities, they did not take sufficient steps to ensure that SVB fixed those problems quickly enough; and

4. The Board’s tailoring approach in response to the Economic Growth, Regulatory Relief, and Consumer Protection Act and a shift in the stance of supervisory policy impeded effective supervision by reducing standards, increasing organizational complexity, and promoting a less assertive supervisory approach.

Risk management policies are typically designed to cope with usual business risks. While accepting new deposits during the easy money regime, SVB could have (but didn’t) anticipate post-Covid trends and challenges in the financial sector – rising interest rates, falling yields, and expensive liquidity. If SVB had anticipated the post-Covid challenges, it could have altered the course of its liquidity risk management strategies to ring-fence the organization and prevent its failure. Risk appetite should always be well-conditioned to meet changing business dimensions. Flexibility and application of vision and dexterity in managing liquidity risk can be the differentiating factor in times of stress.

lessons from these bank failures

An effective risk management program has a dual proactive role – (i) setting appropriate risk appetite by making room for stressful times, and (ii) envisioning future risks and building resilience.

The epicenter of accumulated balance sheet risks in SVB were the gaps in liability management and the inability to forecast future liquidity and cash flows. The resultant risks simply swept away SVB and unleashed fragility in many others as collateral damage. The plunge in the share price of a major European bank - Credit Suisse - was part of the collateral damage of SVB’s collapse. Credit Suisse was the 17th largest systemically important European bank. Thus, the lack of preparedness of regulated entities is an ongoing threat to the financial stability critical for economic revival from the pandemic.

48 Intelligent Risk - August 2023

Taking a cue from the regulatory guidelines to strengthen risk management capabilities is essential to fighting the current spate of geopolitical and global financial risks. In a globalized world, it is difficult to stay decoupled from each other. Articulating risk management checkpoints from time to time and testing the bank’s resilience are vital for organizational growth.

While banks may not be able to control spillover risks from macroeconomic developments, they do have control over their own liquidity and balance sheet composition in the near term. Internal risk tolerances have to be more conservative than regulatory norms. Surviving with moderate profits is better than optimizing income during stress-free times in the mistaken belief that it is a perpetual opportunity.


1. Barret, Jonathan. “Silicon Valley Bank: why did it collapse and is this the start of a banking crisis?” The Guardian. https://

2. Murray, Conor. “What To Know About Silicon Valley Bank’s Collapse—The Biggest Bank Failure Since 2008.” Forbes.

3. “Risks To Financial Stability Have Increased, Warns IMF Chief.” NDTV.

4. Klint, Carolina. “These are the top risks for business in the post-COVID world.” World Economic Forum. https://www.

*The author is Adjunct Professor, Institute of Insurance and Risk Management, Hyderabad, India. The views are his own.

Srinivasa Rao teaches risk management at the Institute of Insurance and Risk Management (IIRM), Hyderabad. India. He has been with Bank of Baroda with wide experience in managing risks at the corporate level.

He was associated with business process reengineering and was engaged in asset liability management. He worked to design bank level policies to manage diverse risks in business operations.

He is passionate in teaching, writing and publishing. He brings his vast industry experience to the classroom in B – Schools. He is keen in disseminating digital and financial literacy to ensure that stakeholders are able to explore the power of digital banking.

author peer-reviewed by
49 Intelligent Risk - August 2023

Toyota’s philosophy has been the subject of management studies and led to offshoots like Lean Management and 5S. However, the reduction of Toyota’s principles into new amalgams left out the key elements that made it work so well in the first place. The transparent, learning culture is needed today for a risk aware approach.

its impact on risk culture

Lots of organisations interpret Toyota philosophy as Lean management, which it is not. It is based on the oriental philosophies of Wuxing (Chinese: ; pinyin: wǔxíng; Japanese: gogyō; Korean: ohaeng; Vietnamese: ngũ hành, usually translated as Five Phases or Five Agents, a fivefold conceptual scheme that many traditional Chinese fields used to explain a wide array of phenomena, from cosmic cycles to the interaction between internal organs, and from the succession of political regimes to the properties of medicinal drugs. The “Five Phases” are Fire (huǒ), Water (shuǐ), Wood (mù), Metal or Gold (jīn), and Earth or Soil (tǔ).

This philosophy is widely accepted in the East thus buy-in by the whole organisation was easy.

Toyota extracted from gogyō, 14 principles that was then known as the Toyota Way, as shown in figure 1.

Figure 1: The 14 Toyota Principles From Liker JK. Toyota Way: 14 principles from the world’s greatest manufacturer. New York: McGraw Hill; 2004; with permission.
Synopsis Intelligent Risk - August 2023 50 1 / Wikipedia contributors. “Wuxing (Chinese philosophy).” Wikipedia, The Free Encyclopedia, 28 May 2023. Web. 11 Mar 2023

transformations of Toyota and the 14 principles

From this system numerous attempts were made in the West to extract section 2, without sections 1, 3 and 4 which are known as Lean Management and fit into the ‘Time and Motion’ studies developed by Frederick Winslow Taylor.

In the late 20th century, Toyota was encouraged to abandon their system to gain more control of the production process. The result of this action was the break in the ‘psychological contract’ with the staff at Toyota. Toyota had promised that the staff would be rewarded for their productivity and their children would be guaranteed jobs. In effect, the staff would control and deliver Total Quality Management for and on behalf of Management. Thus, operational risk was delivered by frontline staff. When the management broke the psychological contract, the staff ceased the management of Total Quality Management and productivity remained stagnant for decades.

Effectively, the Toyota Way started off as an inclusive bottom-up Theory Y management style that converted into a top-down Theory X management style, where management knows best.

The 7 principles of section 2 above then got reduced to “The Steps of 5S. 5S was created in Japan, and the original “S” terms were in Japanese, so English translations for each of the five steps may vary. The basic ideas and the connections between them are easy to understand, though. These steps feed into each other, so the sequence is important” (Hayashi, Makoto; Hayek, Matthias 2013).

‘The right process will produce the right results’ then became ‘get it right the first time’ to complete the move from Theory Y to Theory X. Many private sector disrupters are moving to Theory Y, whilst many public sectors and established businesses are moving to Theory X, even though the latter is generating the same stagnation found in Japan.

theory Y and theory X

Theory Y is required to deliver an open, transparent learning culture. This will drive an Anti-Fraud, Audit and Risk Aware Culture where whistleblowing is celebrated and not hunted down. It also creates an environment where staff are seen as a resource to be invested in to create productivity improvements.

Table 1 - The Steps of 5S
51 Intelligent Risk - August 2023

Theory X has its time and place, especially when dealing with subcultures. It implies that management knows best, which is not always the case as the workforce becomes more educated as well as trained. It is particularly challenging in multi-professional industries such as health and aeronautical industries. Theory X is more likely to see staff as a cost that must be minimised, and training is normally only provided for compliance purposes.

Management knows best is particularly used in Theory X firms where Competency Mature Matrix models assess the levels of ‘Bounded Rationality’ (Simon 1957) that exist in an organisation. This model could help us to understand why many organisations never get anywhere near their Production Possibility Curve.

Assurance mechanisms and regulators could not only consider minimalist compliance issues but should be encouraged to consider strategies that help to drive growth for the organisations that they investigate and the nation.


1. Hayashi, Makoto; Hayek, Matthias (2013). “Editors’ Introduction: Onmyodo in Japanese History”. Japanese Journal of Religious Studies: 3. doi:10.18874/jjrs.40.1.2013.1-18. ISSN 0304-1042.

2. Simon, H.A., 1957, Models of Man, New York, Wiley & Sons.

3. Theobald, Ulrich (2011) “Yin-Yang and Five Agents Theory, Correlative Thinking” in - An Encyclopaedia on Chinese History, Literature and Art

Michael Parker Carl Densem

Michael is the Founder and CEO of Parkers, Accountant and Management Consultants. Michael was made the Commander of the British Empire in December 2010. He is an Honorary Fellow of King’s College, University of London and Honorary Life Member of the Institute of Risk Management. He is the Chair of Audit at NHS Surrey Heartlands Integrated Care Board, prior to this he served as Chairman at King’s College Hospital NHS Foundation Trust for nine years after being Non-Executive Director and Vice Chair at Guy’s and St. Thomas’ NHS Trust.

Michael was the Associate Professor of Accounting and Financial Management at Henley Business School as well as holding other academic roles. He studied Economics at Brunel University and Birkbeck College, University of London. He is a Fellow of the Association of Chartered Certified Accountants and was a Registered Auditor for a while. He was a member of the Association of Chartered Certified Accountants’ Health Panel and was the Chairman of the Corporate Governance and Risk Management Committee for the Association of Chartered Certified Accountants.

author peer-reviewed by
52 Intelligent Risk - August 2023


The Gulf countries have benefited from plentiful natural resources and leveraged their location to occupy a key role in the global economy. This leaves them vulnerable to the effects of climate change, which may be particularly harsh in Gulf countries, and the broader decisions on how to deal with it. Oil and gas are still needed but, as the author argues, thought needs to be given to what comes next.

climate risk in Gulf Cooperation Council (GCC) countries – an enterprise risk management perspective


The Gulf Cooperation Council (GCC countries), comprising Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates, hold a prominent position in global trade, finance, and energy markets, allowing them to exert substantial influence in regional affairs. Situated strategically on the Arabian Peninsula, these countries benefit from vital shipping routes and close proximity to major global markets. Their advantageous location serves as a pivotal trade and transportation hub, bridging Europe, Asia, and Africa.

Abundant reserves of oil and natural gas are found within the GCC countries, collectively representing a significant proportion of the world’s proven oil reserves. This resource wealth positions these countries as major players in the global energy market, granting them considerable economic leverage and influence. Additionally, the GCC countries have made extensive investments in developing worldclass infrastructure, encompassing airports, seaports, road networks, and advanced communication systems. These modern infrastructure networks facilitate seamless trade, attract investment, and enhance connectivity, establishing the GCC as an appealing business hub.

Moreover, several GCC countries have established sovereign wealth funds (SWFs), which are stateowned investment funds. These SWFs accumulate and effectively manage substantial financial assets, serving as a source of capital for domestic development projects and international investments. Consequently, these funds bolster the economic resilience and influence of the countries. Furthermore, the GCC countries have generally maintained political stability and security, which are highly appealing attributes for investors and businesses. Their governments have implemented measures to ensure stability, including robust governance, adherence to the rule of law, and strong defense capabilities.

introduction Intelligent Risk - August 2023 53

climate change vulnerability

It is important to note that the GCC countries are also highly vulnerable to the impacts of climate change. The region is already witnessing rising temperatures, declining precipitation, and a heightened frequency and intensity of extreme weather events like heatwaves, dust storms, and floods.

Let’s dive deep into the climate risks faced by GCC countries:

• Extreme Heat: The GCC region is known for its extremely high temperatures, particularly during summer months. Rising temperatures due to climate change can exacerbate heatwaves, leading to increased heat-related illnesses, power outages, and reduced productivity.

• Fire Safety Risk: The GCC countries have extensively used cladding in buildings as part of their architectural designs and to enhance energy efficiency. However, the hot and arid climate, combined with strong winds and sandstorms, creates specific challenges related to cladding materials and fire safety. These climate risks present significant challenges to the economic, social, and environmental systems of the region. Implementing robust fire safety regulations and standards is crucial to ensure that buildings are adequately protected against fire hazards.

• Water Scarcity: GCC countries already face water scarcity issues due to limited freshwater resources. Climate change further intensifies this challenge by altering precipitation patterns and increasing the frequency of droughts. This puts additional pressure on water supplies for agriculture, industry, and domestic use.

• Sea-Level Rise: Coastal regions of GCC countries are vulnerable to sea-level rise, which is primarily driven by global warming and melting ice caps. Rising sea levels can lead to saltwater intrusion, coastal erosion, and damage to infrastructure, including airports, ports, and coastal cities.

• Desertification: GCC countries are predominantly arid or semi-arid, with large desert areas. Climate change can exacerbate desertification by altering rainfall patterns and increasing the frequency and severity of dust storms. Desertification affects agricultural productivity, biodiversity, and can contribute to air pollution.

• Energy Security: GCC countries are major producers of fossil fuels, particularly oil and natural gas. Climate change mitigation efforts, such as the transition to renewable energy sources, could potentially impact their energy security and economic stability. Diversification of energy sources and investments in renewable energy are important strategies to address this risk.

• Extreme Weather Events: Climate change can lead to an increase in extreme weather events, such as tropical cyclones, heavy rainfall, and flash floods. These events can cause significant damage to infrastructure, disrupt transportation, and threaten lives and livelihoods. For example,

54 Intelligent Risk - August 2023

cyclones pose a direct threat to the lives and safety of residents. Flooding may lead to the displacement of communities and loss of homes. There is a risk of injuries and casualties due to falling debris, electrocution, and drowning. As sea surface temperatures rise due to climate change, the Arabian Sea becomes warmer, creating favorable conditions for the formation and intensification of tropical cyclones. Qatar, located on the Arabian Peninsula, becomes more vulnerable to these cyclones. A powerful cyclone making landfall will bring strong winds, heavy rainfall, and storm surges.

• Health Risks: Climate change can impact public health in GCC countries. Extreme heat can increase heat-related illnesses (e.g. heat cramps, heat exhaustion, heat strokes, etc.) while changing weather patterns can affect the spread of vector-borne diseases like dengue fever and malaria. Dust storms can also contribute to respiratory problems.

domestic and global consequences

The economies of the GCC countries heavily rely on oil and gas exports, making them vulnerable to shifts in global energy markets and efforts to decarbonize. As the world transitions to cleaner energy sources, demand for fossil fuels may decline, negatively affecting the revenue and employment generated by the hydrocarbon industry.

GCC countries also hold a strategic geographical position in close proximity to vital shipping routes, establishing them as pivotal centers for global oil and gas trade. These critical routes encompass the Strait of Hormuz, the Bab el-Mandeb, and the Suez Canal (although not in immediate proximity to the GCC countries, the Suez Canal in Egypt holds immense importance in facilitating global oil and gas trade). These shipping routes play a critical role in supporting the global oil and gas industry, enabling the GCC countries to export their abundant hydrocarbon reserves to international markets.

While the demand for oil and gas may shift as other nations strive to transition to greener economies, these resources are expected to remain indispensable during the transition phase. And, despite the expansion of renewable energy sources, oil and gas retain their vital significance in sectors such as transportation, petrochemical industries, and electricity generation.

Acknowledging the evolving global energy landscape, the GCC countries are actively adapting and investing in diversification initiatives. These efforts include the development of renewable energy projects, the promotion of energy efficiency, and the exploration of new industries. By doing so, they aim to fortify their position as global energy leaders, contribute to the advancement of a greener economy, and leverage their strategic geographic location and shipping routes.

Additionally, climate change impacts, such as water scarcity and extreme weather events, can trigger population displacement within and across borders. This can lead to social, economic, and political challenges as host communities may struggle to accommodate influxes of migrants, potentially straining resources and exacerbating existing social tensions.

55 Intelligent Risk - August 2023

To mitigate these risks, GCC countries have been focusing on various strategies, including implementing water management and conservation measures, enhancing Sustainable Agriculture Practices, building infrastructure resilience, protecting and restoring natural ecosystems (such as mangroves, coral reefs, and native habitats), in order to enhance resilience to climate change impacts. These ecosystems provide vital services like coastal protection, carbon sequestration, and biodiversity conservation. Implementing protected area management plans and promoting sustainable land use practices can contribute to ecosystem preservation and support international climate agreements to reduce greenhouse gas emissions. Also, investing in Diversification of Energy Sources, transition to renewable energy sources, and adoption of climate-friendly policies can shape the region’s international standing and influence geopolitical dynamics.

urgent action

In conclusion, the climate risks facing GCC countries are significant and require urgent action to address. It is important for GCC countries to adopt a holistic and integrated approach, involving government institutions, private sector engagement, and active participation from civil society to effectively address climate risks and build a sustainable and resilient future.

peer-reviewed by

Elisabeth Wilson

Aakash Ramchand Dil

Dr. Aakash Ramchand Dil currently holds the position of Executive/Head of Market Risk and Capital Management at the National Bank of Fujairah in Dubai, UAE. Prior to his role at NBF, he gained experience in various Quantitative Risk Management and BASEL implementation positions at institutions such as SAMBA Bank Ltd, Union National Bank, Compono Strategia JLT, and Commercial Bank International. His expertise lies in risk analytics, managing Model risk, IFRS9 ECL, bottom-up stress testing techniques, quantitative finance, and financial risk modeling (credit and market). His research focuses on econometric stress testing, risk-based pricing, and ARMA modeling. Dr. Dil possesses a Ph.D. in Mathematics, an Associate Diploma in Actuarial Science, dual bachelor’s degree in Commerce and IT, and a Master’s degree in Business Administration from York Business School in the UK.

56 Intelligent Risk - August 2023

Although 2023 has seen large bank failures, they have been largely contained and well-managed. Lessons learned from 2008 is part of the reason for regulators being better prepared. The author explains the tools available to regulators when a bank is no longer viable, what constraints it needs to act within and summarizes the approaches to stifle systemic risk like we saw in 2008.

beyond recovery: how regulators handle bank resolution and the case of Silicon Valley Bank

Think back to the 2008 financial crisis, when “too big to fail” banks failed as a result of taking excessive risks and did so in chaotic fashion threatening to pull down other banks with them. Now fast forward to this year’s bank failures at Silicon Valley Bank, Signature Bank, and Credit Suisse. What we find is that, despite temporary market turmoil, the creation of better resolution plans at banks and the regulator’s available resolution methods (such as bridge banks, purchase and assumptions, and bailouts) managed to resolve recent bank failures in an orderly way.

This begs the question of what tools are available to regulators when bank’s recovery plans fail, which will also require we discuss deposit insurance and moral hazard.

resolution methods

Resolution authorities employ legislation to make large banks establish viable recovery plans without taxpayer losses, significant systemic disruption, or breaks in the provision of critical banking services. However, once a bank exhausts its recovery plan and is deemed ‘failed,’ authorities make use of the below resolution methods to achieve an orderly transition:

1. Purchase and assumption transaction - a healthy financial institution accepts some or all of the failed financial institution’s obligations and purchases some or all of its assets. This is the most used resolution mechanism and ensures that no depositor or other creditor suffers a loss. For example, in 2023, First Citizens BancShares acquired the failed Silicon Valley Bank.

2. Bridge Bank - a new company is created to temporarily take over and operate certain assets, liabilities, and operations of a failing financial institution. This is best used to ensure its continued existence until it can be acquired again. For example, Silicon Valley Bridge Bank, N.A. was established temporarily until a buyer could be found.

Intelligent Risk - August 2023 57

3. Bail-in - creditors and shareholders of a financial institution are forced to absorb losses. This is best used to ensure the bank’s core activities continue while protecting taxpayer funds from having to cover its liabilities.

4. Bail-out – use of taxpayer funds to provide financial assistance to a failing financial institution. This is best used to prevent a bank from failing and to ensure economic stability and is considered the ‘last resort’ resolution plan. For example, the Bailout Bill which allocated US $700 billion to provide urgent liquidity in the markets, was adopted by the US Congress in September 2008.

was SVB resolved in the best way possible?

SVB’s attempts to raise capital and cut short the outflow of deposits were short-lived and unsuccessful. Their recovery plan clearly did not consider the possibility of vast deposits leaving in such a short period of time facilitated by social media. This was a mistake since SVB’s concentration of technology-related deposits and loans was well known, as was the high proportion of uninsured deposits at the bank.

Once SVB’s plan failed, the creation of Silicon Valley Bridge Bank, N.A, followed by the purchase and assumption transaction by First Citizens BancShares, was the most effective resolution mechanism in the US Federal Reserve toolbox for a quick and timely resolution with minimal adverse effects. That is, taxpayers incurred no losses related with Silicon Valley Bank’s failure, and the US and global banking industries avoided a potential bank contagion.

considering moral hazard in resolution

When considering any of the resolution methods, regulators need to carefully think about how other banks will treat the news. We know that any financial institution of any size may collapse, and even the ones that are considered “too big to fail” can still go under. This is especially true if the financial institution participates in risky and unhedged behaviour because they believe that they will be protected from this risk by another party who will assume any negative consequences. We refer to this as a “Moral Hazard” and understand that it can lead to excessive risk-taking at financial institutions.

Asymmetric information is one aspect that contributes to moral hazard since it motivates the risk-taking party (the party with the most knowledge) to take greater chances, knowing that the other party (with the least knowledge) will absorb them. An insured financial institution, for example, may be more willing to take on risks in their activities due to the terms of their deposit insurance coverage and the foresight that their country’s regulator or government will not allow it to fail for fear of bank contagion and an unstable banking sector. See Box 1 on how recovery plans help mitigate moral hazards.

58 Intelligent Risk - August 2023

Box 1: Reducing Moral Hazard

Recovery plans seek to place responsibility on financial institutions (and therefore incentivize prudence) by forcing them to consider how they would raise funds or which business units they would sell in a crisis. An important part of such plans are the crisis scenarios and indicators by which they promise to track risk. Living up to their own plan helps minimize moral hazard and supports prudent behaviour.

the role of deposit insurance

Bank regulators cannot completely remove moral hazard risk and the possibility of future financial institution failures, but they may reduce it. This is where deposit insurance comes into play in a mature financial safety net. A country’s “deposit insurance” system is designed to safeguard depositors against the loss of their insured deposits if a financial institution fails to satisfy its obligations to the depositors.

With regards to Silicon Valley Bank, many of the bank’s depositors exceeded the maximum insured amount of US $250,000 guaranteed by the Federal Deposit Insurance Corporation (FDIC), forcing the FDIC to cover the excess funds due to increased risk perception. Furthermore, actions were adopted that allowed the FDIC to complete the resolution of Silicon Valley Bank while fully protecting all depositors.

To protect and strengthen the deposit insurance system from being overburdened by too many financial institution failures, there should be a review of the coverage limit to assess its adequacy, effectiveness and consistent communication with all stakeholders, the imposition of risk-based deposit insurance premiums and regular assessment of bank solvency and liquidity by bank regulators backed by credible plans for early intervention. Additionally, maintenance of larger amounts of capital and stricter risk management guidelines should also be considered.

The International Association of Deposit Insurers (IADI) has established core principles for guiding the establishment and operation of efficient deposit insurance systems, aiming to improve financial stability and protect depositors.


Regulators should consider the following strategies to avoid further systemic bank stress in the future.

1. Strengthen oversight over financial institutions subject to its purview through regular assessments and the maintenance of higher amounts of capital for excessive risks.

2. Implement measures such as risk-based deposit insurance premiums for insured financial institutions.

59 Intelligent Risk - August 2023

3. Create a comprehensive strategy that encompasses regulatory, market-based, resolution methods.

Implementing these strategies can help to develop a more robust and stable financial sector that is better equipped to absorb financial shocks like the Silicon Valley Bank run and avoid government intervention like the bail-out resolution in the 2008 financial crisis.

peer-reviewed by

Jammi Rao, Carl Densem


Kaila Mayers

Ms. Kaila Mayers earned her Professional Risk Manager certification in 2020 and holds a Master of Science in Finance from the University of London via distance learning. She currently works in the financial risk management field as a member of the Enterprise Risk Management Division at a local financial institution in her home country of Trinidad and Tobago.

Ms. Mayers has over 14 years of experience in the financial services industry as a finance and risk management professional, with knowledge in financial and enterprise risk management, regulatory compliance, deposit insurance, and banking operations.

60 Intelligent Risk - August 2023

The turmoil in the UK Gilt Markets caused by the Government’s Autumn 2022 budget proposals was predictable. This article describes the warning signs and how risk managers can prepare for such foreseeable market disruptions.

foreseeable and preventable – the autumn 2022 UK gilt markets turmoil

warning signs

The turmoil in the UK Gilts market in Autumn 2022 was exceptional. Daily movements of 10-20 standard deviations1 arose as the budget of the 23rd September shook investor confidence in the UK, crashing the pound and pushing up Gilt yields. This was amplified by an adverse feedback loop as margin calls from Liability Driven Investment (LDI) investment strategies forced pension schemes to dump Gilts and other assets on the market. Ultimately the Bank of England had to intervene, triggering sharp falls in yields. The exceptional nature of the period can be seen by this graph of daily movements in long-term Gilt yields:

1-day movements in 30-year Gilt yields since 2016

1 / Peak daily rise and fall in 30-year Gilts was +50bps and -113bps respectively, compared to a standard deviation in daily movements of 5bps based on data from 1/1/2016 to 21/9/2022 sourced from the Bank of England – see Yield curves | Bank of England
Figure 1: UK Gilt daily yield movements
Intelligent Risk - August 2023 61

It is understandable that many models of Gilt yield movements would not forecast such extreme movements, but this does not make the turmoil a “black swan” event that could not have been foreseen. On the contrary, the vulnerabilities that created the crisis were well known.

The threat of a loss of foreign investor confidence in the UK is something the Bank of England has been calling out for many years, noting the UK’s reliance on overseas investors to fund its large current account deficit. Indeed, back in 2019, it incorporated such a loss of confidence into the Annual Cyclical Scenario used to stress test banks. The effects of this included the pound falling below parity with the US dollar and Gilt yields rising to nearly 7% p.a., far beyond the movements seen in the autumn2 .

Similarly, the vulnerability of pension schemes to margin calls combined with illiquid assets was called out by the IMF in their 2019 Global Financial Stability Report3. Furthermore, redemptions by pension schemes to meet such calls nearly triggered a crisis in money market funds during March 2020 which should have given pause for thought4. Some LDI strategies involved investment funds borrowing money short-term on repo markets to buy Gilts and gear up interest rate exposure, but a cursory analysis of the Global Financial Crisis of 2007/09 would have highlighted the risk that repo markets might seize up and it would not be possible to roll-over loans.

Even if one was unaware of these vulnerabilities, a comparison of UK Gilt yields with other government bonds would have indicated trouble brewing, as the following graph shows5:

10-year government bond

over 2022

2 / See Key elements of the 2019 stress test | Bank of England; note however that the scenario movements take place over a much longer timescale than the days and weeks after 23/9/2022.

3 / See chapter 3 of “Global Financial Stability Report – Lower for Longer”, IMF October 2019, available at Global Financial Stability Report, October 2019: Lower for Longer (

4 / See the section “Building the resilience of market-based finance”, p65-87 of the BoE’s August 2020 Financial Stability Report, available at: Monetary Policy Report and Financial Stability Report - August 2020 | Bank of England

Figure 2 - UK Gilt vs. US Treasurey vs. EU yields yields
62 Intelligent Risk - August 2023

From above, we can see that in the first half of 2022, UK Gilt yields were broadly rising in tandem with US T-bonds and other highly rated sovereign bonds. However, from the start of July – when Boris Johnson resigned – we see UK Gilt yields rising relative to other sovereign bonds, most likely due to the prospect of unfunded tax cuts and spending on energy support promised by Liz Truss spooking investors. Not just Rishi Sunak but even her own economic adviser, Professor Patrick Minford, warned that her tax cuts would drive up inflation and push interest rates up to 7% p.a.6

Undeterred, Truss pushed on with her plans, resulting in the turmoil in markets as UK Gilt yields as investors noted that the UK had a massive current account deficit and anaemic growth on a par with Italy. It has taken a change in Prime Minister and Chancellor, coupled with a return to austerity, to reassure markets.

timeline of the autumn 2022 gilts market crisis

7th July – Boris Johnson resigns as UK Prime Minister; UK 10-year Gilt yield 94bps below 10-year US T-bond yield.

5th September – Liz Truss defeats Rishi Sunak in Conservative party election on a platform of tax cuts; she become Prime Minister the following day; UK 10-year Gilts only 29bps below US T-bonds.

23rd September – Truss’s Chancellor Kwasi Kwarteng presents a mini-budget with significant unfunded tax cuts; UK 10-year Gilt yields rise to 15bps above US T-bonds.

26th September – Pound Sterling falls to record low against US Dollar of £1: US$1.0327; spikes in Gilt yields and swap rates trigger a liquidity crisis in pension funds using LDI.

28th September – amid fears for financial stability, the Bank of England intervenes to support the Gilt market, promising to buy up to £5bn a day until 14th October; the UK 10-year spread narrows from +44bps the previous day to +29bps.

11th October – amidst continued turmoil in Gilt and swap markets affecting pension schemes, the Bank of England extends support to the index-linked Gilt market.

14th October – Truss sacks Kwasi Kwarteng; replaces him with Jeremy Hunt who concedes mistakes had been made.

17th October – as part of a planned emergency statement, Hunt reverses most of the mini-budget cuts; UK 10-year Gilts spread over US T-bonds falls from +33bps the previous day to zero.

20th October – Truss announces her resignation, making her the shortest-serving UK Prime Minister.

25th October – Rishi Sunak becomes new UK Prime Minister; UK 10-year Gilts now yielding 42bps less than US T-bonds.

5 / US Treasury Bond data sourced from the US Federal Reserve – see Federal Reserve Board - Nominal Yield Curve; EU AAA-rated sovereign bond data sourced from the European Central Bank – see Euro area yield curves (
63 Intelligent Risk - August 2023
6 / “Liz Truss’s tax cuts could cause 7% interest rates, warns her own economics guru”, Richard Vaughan, MSN, 22nd July available at: Liz Truss’s tax cuts could cause 7% interest rates, warns her own economics guru (

how risk managers can anticipate turmoil

1. Don’t rely too heavily on models to predict extreme events.

2. Read widely to understand fragilities in markets, economies and the global order – good sources of information include:

a. IMF, Bank of England and other central bank Financial Stability Reports

b. WEF Global Risks Report

c. Emerging risk reports e.g. Swiss Re’s SONAR publications

d. PRMIA Intelligent Risk articles

e. Economist and similar publications

3. Based on this research and monitoring of current events, identify and track emerging risks.\

4. Carry out robust scenario analysis of potential emerging risks crystallising and their impact on your organisation, including liquidity and operational risk impacts. As part of developing scenarios, consider stress tests prescribed by central banks and other regulators.

5. Develop plans to mitigate potential turmoil from adverse scenarios, including contingency funding plans to mitigate asset and other liquidity strains as well as business continuity plans.


Far from being a “black swan”, the turmoil in Gilt markets was a “white swan” which could and should have been foreseen by prudent politicians. The reliance on investor confidence given the UK’s current account deficit was well known, and the bond markets were giving very clear signals in the run-up to the budget. Similarly, the potential impact of a spike in Gilt yields on LDI strategies is something pension schemes should have been aware of.

Going forward, it is hoped that UK politicians have learnt the lesson that they ignore bond markets at their peril. Similarly, pension schemes should have learned lessons in terms of managing the liquidity risks associated with LDI, as well as looking beyond models with robust stress testing (such as the Bank of England’s ACS above), and better emerging risk identification having regard to Financial Stability Reports and other diverse information.

*A version of this article was first published for Longevitas’ Information Matrix under the heading “White Swans and the Moron Risk Premium”

– see

64 Intelligent Risk - August 2023

Steve Lindo

Patrick Kelliher

Patrick Kelliher is a Fellow of the Institute and Faculty of Actuaries with over 30 years’ experience of financial services, predominantly in UK life insurance. Since 2003 he has specialised in risk management, first with Scottish Widows and later as Head of Market Risk and ALM for Aegon UK before starting up Crystal Risk Consulting Ltd. in 2011.

Patrick is a Chartered Enterprise Risk Actuary (CERA) and a member of a number of actuarial profession risk management working parties. He has produced papers and articles on a wide range of topics including operational risks and dependencies between risks.

author peer-reviewed by 65 Intelligent Risk - August 2023
INTELLIGENT RISK knowledge for the PRMIA community ©2023 - All Rights Reserved Professional Risk Managers’ International Association

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.