Managing Pure Risks: Operations & Markets
This article focuses on managing pure risk. It provides an overview of the main approaches and challenges to managing the pure risks associated with and resulting from business operations and market activity. Topics of discussion include pure risk management strategies, operational risk, market risk, and formal risk disclosure requirements. This section serves as a foundation for a discussion of the issues associated with pure risk transfer and terrorism catastrophe bonds.
Keywords Market Risk; Operational Risk; Pure Risk; Risk Management; Speculative Risk; Terrorism Catastrophe Bonds
Corporate risk can be divided into the two broad categories of pure risk and speculative risk. Pure risk exclusively involves the potential for loss and no potential for profit. The occurrence of pure risk cannot be controlled nor reliably predicted. Examples of pure risk include terrorism, fire, death of key employees, customer injuries on the premises of the business, and natural hazards such as earthquakes and hurricanes. Pure risk can devastate a company. In contrast, speculative risk involves the equal chance of making a profit or taking a loss.
There is debate within the corporate world about how pure and speculative risks should be managed. Risk management refers to the process of evaluating, classifying, and reducing risks to a level acceptable by stakeholders. Risk management tactics include risk avoidance risk transfer, risk reduction and risk assumption. Since the emergence of risk management in the 1960s, corporations have created strategies for managing the pure risks associated with scientific research, market fluctuations, operations, engineering inventions, computer systems, and liability (Barlow, 1993). There is a tendency in many corporations to combine pure risk management and speculative risk management into the same program and initiatives. These corporations base this decision to have a widely-applied risk management approach on the belief that corporate risk represents a single exposure to the corporation. In practice, managing pure and speculative risk requires two very different skill sets.
Pure risk management involves minimizing negative outcomes by avoiding losses and accidents and preparing for natural and man-made disasters and catastrophes. Speculative risk management involves working to achieve the best passive results for events beyond the company's control (Lansdale, 1997). Speculative risk, which can be used to create profit and is also referred to as financial risk, is the domain of corporate managers, company owners, and the board of directors; pure risk, with no potential to bring profit, growth, or increased performance to the firm, is the domain of risk managers (Vann, 1990). Pure risk is assessed and managed almost exclusively by risk mangers. Pure risk managers plan for eventualities never knowing if or when the pure risk scenario will occur.
Corporations choosing to handle risk through a unified management strategy rather than separate pure risk and speculative risk strategies are continuing the industry's practice of the last forty years. While corporate insurance dates back to the nineteenth century, the practice of risk management, characterized as a singular approach to business risk, did not emerge until the 1960s and was not widely adopted until the 1980s. The 1980s were characterized by increasing government regulations, a growing economy, and insurance crisis. The federal government passed laws, such as the Occupational Safety and Health Act, the Environmental Protection Act, and Superfund legislation, which required corporate compliance. Corporations created new positions, such as risk manager, to address liability, safety, and environmental compliance issues. In addition, the business-boom of the mid 1980s, characterized by an increase in production plants, business locations, operations and workers, required new types and larger amounts of insurance. Companies demanded more insurance options and coverage from their insurers and insurance companies balked at the demands. Companies struggled both with financing their increasing insurance needs and finding insurance policies that met the needs of their expanding businesses. Corporations increasingly hired risk managers to assess their risks and select the best insurance options for their expanding businesses (Englehart, 1994).
Over the last ten years, insurance companies, in response to the of events such as the September 11, 2001 attacks on the World Trade Center, the collapse of the Enron Corporation and the unstable global geopolitical risk, are increasingly unwilling or unable to insure pure risk. Insurance companies are increasingly requiring shared risk scenarios with corporations and governments. Clearly, the current business and political environment is creating a greater divide between pure risk and speculative risk than ever existed before. While firms face the potential for numerous types of pure risk, within the areas of operational risks, market risks, cultural risks, economic risks, political risks and credit risks, pure risk managers are possibly most challenged by the need to manage operational risk and market risk. The pure risks associated with operations and market behavior, along with pure risks in general, are characterized by their unpredictability and potential to create devastating losses.
The following section provides an overview of the main approaches used to manage the pure risks associated with and resulting from business operations and market activity. Topics of discussion include formal management approaches, operational risk, market risk, and risk disclosure requirements. This section will serve as a foundation for a discussion of the issues associated with pure risk transfer and terrorism catastrophe bonds.
Pure risk managers are responsible for assessing, anticipating, minimizing, and mitigating the pure risks associated with operations and market activity. Like all pure risks, the pure risks associated with operations and market activities are always unexpected, negative, and destructive. Pure risk managers develop response scenarios and prepare their organizations for surviving pure risk situations such as fire, terrorism, death of key employees, customer injuries on the premises of the business, and natural hazards such as earthquakes and hurricanes.
Operational risk refers to the financial losses that could potentially result from either internal procedural failures or external affairs. Examples of operational risk include the following: Procedural errors; internal control failures; failure of information processing equipment; malicious or fraudulent actions by individuals; workplace safety issues; succession failures; unintentional failures to protect clients; damage to physical assets; failures to follow regulations; business disruptions including terrorism and vandalism; computer and network crashes; service or product quality lapses; fraud; failure to comply with regulations or company policies; shifting political landscapes; and other unpredictable events (Beans, 2003, p.22). Operational risk is created by multiple factors including overly complex production processes; over-engineered products; too many vendors; complex or unclear organizational structures; and fragmented financial or control systems (Lynn, 2006). The results of operational risks can be potentially far-reaching and devastating for firms of all sizes and in all industries. Regulators and corporations have struggled since the 1990s to come to a consensus on the definition and meaning of operational risk. Firms of all sizes and in all industries struggle to decide the best means to allocate capital for managing operational risk and determine what role the board of directors has in assessing and managing operational risk. While a working definition of operation exists across industries, operational risks vary significantly between different industries and sectors (Garver, 2006).
The Basel Committee on Banking Supervision has led the way in the effort to define operational risk and develop tactics for management of operational risk. The Basel Committee on Banking Supervision has issued two international accords or international agreements, Basel I in 1988 and Basel II in 2004, which have standardized corporate perception of and management of operational risk. The Basel Accords have been widely adopted by regulatory commissions around the world. In the United States, the main federal banking agencies, including the Office of the Comptroller of the Currency, the Federal Reserve System, the Office of Thrift Supervision, and the Federal Deposit Insurance Corporation, have revised and implemented the Basal II Accord. The Basel Committee on Banking Supervision reported that the most...
(The entire section is 3897 words.)