The corporate world has traditionally taken a flawed approach to risk management, but a better alternative is readily available.

It is well known that over the past decade, and especially over the past few years, a number of the world’s most widely respected companies have collapsed. Analysts have cited equally well-known reasons for these collapses — the “usual suspects” of nonviable business models, greed, incompetent (and overpaid) management and a lax regulatory environment. Not often mentioned is another key consideration, something that appears to distinguish collapsed companies strongly from their noncollapsed counterparts. It is the breadth and depth of these companies’ approach to risk management.

That risk management could be a major (though not sole) cause may seem counterintuitive. The troubled American International Group Inc., for example, was a leader in risk management and even maintained a risk-management subsidiary. Its former CEO Maurice R. “Hank” Greenberg boasted that AIG had “the best risk management [departments] in the damn industry.” Bear Stearns Cos. claimed the “best-in-class processes in analyzing and managing ... risk”; even the New York Times cited the company’s “carefully honed reputation for sound risk management.” Fannie Mae, the Federal National Mortgage Association, touted its “excellent credit culture and risk-management capabilities,” and Lehman Brothers Holdings Inc. prided itself on what its leaders called a “culture of risk management at every level of the firm.”1

The Leading Question

What risk-management approach should companies adopt to help them avert future failures?

  • The traditional “frequentist” approach is based entirely on the historical record.
  • The alternative “Bayesian” approach incorporates judgments to complement historical data.
  • The Bayesian perspective provides more powerful and accurate results.

Yet at these companies, and at others with comparable “cultures,” risk management apparently performed quite dismally. How could this be? We contend that the answer lies in the concepts and practices of traditional risk management, which tend to look for risk in all the wrong places. That is, failure did not stem from merely paying lip service to risk management or from applying it poorly, as some have suggested. Instead, collapse resulted from taking on overly large risks under the seeming security of a risk-management approach that was in fact flawed. The more extensive the reliance on traditional risk management, we believe, the greater the risks unknowingly taken on and the higher the chances of corporate disaster.


1. A. Gomstyn, “Former AIG CEO Greenberg Defends Reputation,” March 16, 2009,; “Bear Stearns Names Michael Alix Chief Risk Officer and Robert Neff Deputy Chief Risk Officer,” Business Wire, February 3, 2006; L. Thomas Jr. “Bear Stearns Chief Weathers the Storm,” New York Times, June 29, 2007; Federal National Mortgage Association, “Fannie Mae’s Marzol to Lead Company’s Strategy and Competitive Analysis Group,” press release, August 26, 2004; and Lehman Brothers, “Annual Report,” 2.

2. G.A. Holton, “Subjective Value at Risk,” Financial Engineering News 1 (August 1997): 1, 8-9, 11; K. Dowd, “Estimating Value at Risk: A Subjective Approach,” Journal of Risk Finance 1, no. 4 (2000): 43-46; and T.K. Siu, H. Tong and H. Yang, “On Bayesian Value at Risk: From Linear to Nonlinear Portfolios,” Asia-Pacific Financial Markets 11, no. 2 (2004): 161-184.

3. R. Rebonato, “Plight of the Fortune Tellers: Why We Need to Manage Risk Differently” (Princeton, New Jersey: Princeton University Press, 2007).

4. A. Tversky and D. Kahneman, “Judgment Under Uncertainty: Heuristics and Biases,” Science 185, no. 4157 (September 27, 1974): 1124-1131.

5. See, for example, C.S. Spetzler and C.-A.S. Stael Von Holstein, “Probability Encoding in Decision Analysis,” Management Science 22, no. 3 (November 1975): 340-358.

6. See, for example, J. Wolfers and E. Zitzewitz, “Prediction Markets,” Journal of Economic Perspectives 18, no. 2 (spring 2004): 107-126.

7. S. Tully, “Wall Street’s Money Machine Breaks Down,” Fortune, Nov. 26, 2007, 64.

5 Comments On: How to Manage Risk (After Risk Management Has Failed)

  • Walter P. Blass | September 23, 2010

    I am less than clear how either the “frequentist” or the Bayesian approach can help a Societe Generale deal with the likelihood of a “rogue trader”, BP with the possibility of a $20 billion + liability because of the Gulf of Mexico, or Lehman Brothers’ Street-wide reputation for taking risks that other firms simply refused. Isn’t the answer what Pierre Wack suggested in his work on Scenarios,namely to imagine “the worst that could happen” and to devise strategies that would cope with such events. That might have led firms such as Societe Generale to raise its Tier 1 capital on its own, to insist on more rigorous audits on its traders to catch the likes of Jerome Kerviel; perhaps even to set aside reserves for “untoward” trades that might cost the bank something? Could a similar approach rely not on Bayesian statistics but the stated penalty per barrel of spilled oil were criminal negligence to be proven, and contrast that with the cost of additional tests, or delays in going ahead ‘regardless’?
    My reading of these corporate disasters has little to do with past or future likelihoods of a “Black Swan” event, but the lack of consciousness in top management of what the boys downstairs are actually doing, and what it might ultimately cost. I’ve seen with my own eyes the cost to a public utility in saving money by starving inventories, only to get caught and lose both a multiple of the savings in higher investment, and the replacement of the CEO. As the Bard said:”The fault dear Britus lies not in our stars, buy in ourselves…”

  • Vinay Deshmukh | September 24, 2010

    I work for a hi tec company and recently implemented demand forecasting using Bayesian modelling. The solution was provided by a large ERP software company. I would like to highlight the limitations of the Bayesian approach as learnt from the implementation.

    1.Bayesian modelling is subject to the same errors of judgement as any other model .

    2.Before you even start Bayesian modeling, please look at the system as a whole and understand the interactions between the parts of the system.
    e.g The Bayseian forecast was great from a mathematical perspective but our demand planners rejected it because the suppliers could not react to it since the later were used to receiving a smooth forecast.

    3.Bayesian does not work well if data exhibits a wide spectrum of patterns.
    e.g our data had variability along 5 dimensions – intermittency,volatility,age,volume and revenues. The extreme difference in data patterns caused Bayesian to not perform as well. We had to work around it.

    4. The anterior probabilities could be hard to obtain and are often unrealistic.

    5. If you are relying on expert judgement anyway , then Bayesian may not add much to our knowledge.
    e.g our expert forecasters already knew what Bayesian came out with. Skepticism increases if Bayesian fails to add value repeatedly and has to be countered with sound change management techniques.

    6.For macro economic factors to influence Bayesian modelling, the correlation has to be strong . Also the numeric values of those economic factors are by themselves prone to error. e.g we tried to use semiconductor shipment ,GDP and stock indices as a causal factors but gave up due to poor correlation.

  • Besker Ljubica | October 10, 2010

    The Risk Assessment Method is the most intrigues behavioural issue.
    Historic or alternative Bayesian method do not predict ,with desirable precision,all risks possible.
    Walter mentioned ,in his comment, the disaster happened in some groups-according the caos theory,predictable!
    The risk pendulum movement is caotic ,predictable only according its
    relation with the”start pole”.
    The simple human good sence proverb “Clean in front of the own door”!

  • Richard Ordowich | October 20, 2010

    Applying yet another technique of assessing risk does not address the systemic risk nor does it adequately account for erratic human behavior. I agree with the comments of William Blass that models will not predict the rogues like Madoff or Soc Gen’s trader.

    I suspect that Goldman and Morgan Stanley did apply risk management techniques along with scenario planning and as a result were less affected by the crises but even they were caught up in the systemic risk having relied on AIG to insure their loses. Only the bailout of AIG saved them. I wonder if they modeled their reputational risk? They are no longer perceived as doing “God’s work”,

    There is something fictional about the financial industry and to some degree economics as well. This fiction is something everyone accepts because they have models that represent their perceived risk. The belief is that we’ve “modeled out” the risks.

    The public is surprised when a disaster strikes, yet the “insiders” are well aware of the risks and are willing to believe that disaster will not befall them.

    The basics of the mortgage crises were evident to even the most unsophisticated. Lending money to those who have a low probability of being able to pay, securitize these loans and use ratings based on known flawed models and sell these securitized products to unquestioning funds who then pass these on to unsuspecting customers and you have the makings of a grand fictional scheme.

    Does Bayesian modeling account for these fictional variables? I don’t think the current crisis was the result of lack of models but a collective lack of common sense. And common sense is very difficult to model.

  • Viktor O. Ledenyov | November 8, 2010

    It is not correct to say that the risk management has failed. The economic and financial systems have collapsed, however it does not mean that the risk management and modeling techniques were wrong.

    Viktor O. Ledenyov, Ukraine

Add a comment