The normal rules do not apply when confronted by extreme risk such as the coronavirus outbreak, writes the chairman of the European Risk Management Council.

coronavirus risk management

The recent coronavirus outbreak reignited the debate about the preparedness of the banking sector in surviving the next crisis. I’m afraid I have bad news for you. Today, the banking sector is better capitalised and less leveraged than it was a decade ago. Yet the existing risk management framework is not fully capable of providing a robust response to extreme risk shocks. 

The existing risk management practice implicitly treats risk as a phenomenon that is measurable, predictable, recurring, having a known nature and known drivers. This is true for the normal risks that banks deal with on a daily basis. But extreme risk does not fit this description. It has very different characteristics. A paucity of available historical data and non-linear relationships between risk drivers and impact make it very difficult to model tail risk events, such as pandemics, for example, and forecast their possible impacts.

Risk managers try to stretch the quantitative methods, which typically perform satisfactorily for normal risk assessments, to the tail risk area. But statistical data for extreme risk events is scarce; key risk drivers and their behaviour are often unknown, so risk managers have to use brave assumptions and various proxies in their risk models. As a result, quantitative tools fail to provide reliable tail risk assessments and the problem with effective risk management of extreme risks remains unsolved. 

No ‘one size fits all’ solution

Where would the solution be found? The specific nature of extreme risk dictates that tail risk should be treated separately from the everyday ‘normal’ risks. Only if we separate extreme risk from normal risk and create a dedicated framework to deal with tail risks can we expect a breakthrough in the overall efficiency in extreme risk mitigation. 

Normal risk should be managed via an array of traditional models, tools and methods including those stemming from the Basel Accord. Most global and large banks already have pretty good frameworks in place to monitor, quantify, mitigate and report normal risks.

Tail risk, on the other hand, requires a special risk architecture that should reflect special traits of extreme risk (unpredictability, non-recurring nature, an emergence from unknown risk drivers, difficulties in quantification). This architecture should include four elements that are absolutely necessary for a robust response to extreme risk shocks. First, dynamic stress simulation, a type of simulation that is fundamentally different from traditional stress testing used by banks and regulators. The latter is a predominantly quantitative exercise (extensive number crunching) that was designed to assess the capital adequacy of firms in stress conditions. The former focuses not on quantifying stress impacts but on detailed contingency planning and training of staff to make right decisions in a situation of high stress and uncertainty. 

The simulation should be organised as a war game, with several teams playing the roles of different actors (for example: competitors, customers, regulators). The main result is a ‘what, when, who and how’ contingency plan that forms the basis of crisis management. The next time an extreme event occurs, the appropriate contingency plan will guide the bank to a crisis resolution. 

Keep it simple

Second, crisis governance is also key. An extreme situation requires an organisation to have simple, dynamic and military-style governance. A traditional governance structure that works well during normal operation becomes too slow and inefficient in a crisis situation. The crisis governance needs to include an effective mechanism of decision making and cascading actions from the top to the bottom of a company's hierarchy and simple but effective control, communication and feedback. This governance should be designed, approved and set up well before an extreme risk event crystallises. 

Third, to survive a shock, banks need a crisis management information system (MIS). Typically, a traditional MIS is built around standard reporting and is driven by a calendar (such as daily or monthly reporting). This is not suitable for a crisis. A firm should build an MIS that is driven by events and should be flexible enough, allowing information to be ‘sliced and diced’ rapidly and in non-standard ways to deliver vital information for decision making. 

Last, banks should have an effective crisis communication strategy that should include clearly defined responsibilities, communication channels and ways of feedback with employees, shareholders, customers, regulators and the general public. 

Tail risk events are the most complex and the most difficult threat to predict and mitigate against. In order to build robust protection against large systemic and catastrophic losses, banks need to implement solutions that allow them to successfully mitigate the impact of the crisis should the ‘perfect storm’ hit the organisation. When all hell breaks loose, crisis management is a factor that determines whether the company survives or disappears.

Evgueni Ivantsov is chairman of the European Risk Management Council and the author of Heads or Tails: Financial Disaster, Risk Management and Survival Strategy in the World of Extreme Risk.


All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker

For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Top 1000 2023

Request a demonstration to The Banker Database

Join our community

The Banker on Twitter