ERM Enterprise Risk Management David N Ingram CERA

ERM: Enterprise Risk Management David N. Ingram, CERA, FRM, PRM Senior Vice President, Willis Re © Stanhope by Hufton + Crow

The agenda Goal: a better understanding of the following: The objectives and benefits of ERM Some fundamental issues in measuring risk Choosing ERM Objectives How to get started on implementing Enterprise Loss Controlling Building a Full ERM Program · Best practices in ERM Status of ERM Implementation 2

1 ERM: goals & benefits 3

ERM: new name, old stuff? “ERM is just a fancy name for what my colleagues and I here at ABC Insurance do and have been doing every day for thirty years. ” “We know all about ERM. Our trained professionals check every policy we write and every asset we buy. ” “Actuaries don’t need training in ERM. Risk is what our profession is all about. We are already the experts on risk. ” 4

Advice from my first boss Clients pay insurers to assume some of their risk The key to an insurer’s success is making sure it is adequately paid for doing so Be sure to maintain the right balance between risk and return. Don’t take on risk if you are not adequately paid to do so. Gladly take on risk if the price is right. It’s all about risk and return (profit) (Agree? ) 5

Key questions about profit How much profit did our firm make last year? We ask similar questions about the components of profit: premiums, losses, expenses, and the like We calculate and report by month and quarter also Was that more or less than a year/quarter/month ago? Were our profits in a specific line of business (or state or county) more or less than our profits in another line of business (or state or county)? 6

Questions about profit At the very least, we expect a firm to know the following: Its overall profits Its change in profit over time Its difference in profit across different lines of business, territories, or functions (e. g. , underwriting and investment) If it doesn’t know these things, we would seriously doubt whether the firm is well-managed. (Agree? Firms know? ) 7

It’s hard to manage profit without numbers Numbers focus management attention (a scarce resource) on problems and opportunities Numbers provide feedback on actions taken. Are we making or losing money? Why? Are we more or less profitable than last year? Why? Where are we especially profitable and especially unprofitable? What actions can/should we take to improve our overall profitability? 8

My question to my boss So where are the risk numbers? I’ve seen numerous reports, spreadsheets, meetings, etc. that analyze our profits Where are the reports, spreadsheets, meetings, etc. that analyze our risks? How can you manage risk without risk numbers! 9

Questions about risk Shouldn’t we expect a firm to know the following: Its overall risk Its change in risk over time Its difference in risk across different lines of business, territories, or functions (e. g. , underwriting and investment) If it doesn’t know these things, shouldn’t we seriously doubt whether the firm is well-managed. (Agree? ) 10

It’s hard to manage risk without numbers Numbers focus management attention (a scarce resource) on problems and opportunities Numbers provide feedback on actions taken. Are we taking too much or too little risk? Why? Are we taking more or less risk than last year? Why? Where are we taking little risk and where excessive risk? What actions can/should we take to improve our overall risk? 11

Results of managing risk without numbers We focus far more on return than on risk We can’t compare different risks And we can’t compare the same risk over time Therefore we can’t really manage risk, since we lack feedback And we don’t know the risks on which we should focus scarce managerial attention 12

Managing without numbers Lack of measurement also means that we become very susceptible to potentially distorted perceptions of risk We also become complacent, and readily attribute high profits (from low losses) to skill rather than luck Do we need to revisit the earlier quotes? “We already do ERM” “We know our risks (especially overall)” “We are already the experts on risk” · So where are the reports etc. on risk? · Agree? Does your firm have them? 13

What is ERM? It is an evolving body of knowledge – concepts, methods, and techniques –. . . that enables a firm to understand, measure, and manage its overall risk. . . (objectives). . . so as to maximize the firm’s value to shareholders and policyholders. (benefits) 14

2 Measuring risk 15

Measuring risk: How much risk are we taking? To answer this question we need to specify and implement a way of describing and comparing probability distributions of outcomes; we need a risk measure Conceptually, there has been more emphasis on inventing new risk measures than in comparing or using existing ones in a practical way. 16

Measuring risk: How much risk are we taking? Practically, the need is for a common risk vocabulary across varied groups: Underwriters: focus on pricing risk Actuaries: focus on reserve risk Portfolio Managers: focus on investment risk Various: focus on credit risk 17

How to measure risk: quiz The table at right shows four alternatives, A through D, and the payoffs for each, with their associated probabilities. All four alternatives have the same Expected Value (EV): 100 A positive number means that you receive this amount. A negative number means that you pay or lose this amount. Which alternative is the most risky? (Vote) Which is the least risky? (Vote) Probability 50% 49% 1% EV A 75 75 2575 100 B -20 220 100 C 249 -50 0 100 D 104 100 -100 18

How to measure risk Alternative A has the highest standard deviation But this is due to the high upside potential of this alternative. Is that really relevant? Does giving you a lottery ticket increase your risk? Isn’t risk better defined as a potential for loss? Probability 50% 49% 1% EV A 75 75 2575 100 B -20 220 100 C 249 -50 0 100 D 104 100 -100 19

How to measure risk Alternative B has the highest probability of loss. Probability 50% 49% But the loss isn’t very big. Shouldn’t the magnitude of the loss also be taken into account? 1% EV A 75 75 2575 100 B -20 220 100 C 249 -50 0 100 D 104 100 -100 20

How to measure risk Alternative C has the highest expected loss, given that a loss occurs: 50 times 0. 49 = -24. 5 That is the breakeven cost of buying insurance against loss. That is also the cost of a put option with a strike price of zero. Probability 50% 49% 1% EV A 75 75 2575 100 B -20 220 100 C 249 -50 0 100 D 104 100 -100 21

How to measure risk Alternative D has the highest loss. Probability 50% 49% It has the worst case loss among the outcomes shown This is the same as the highest 1% Value at Risk (Va. R) 1% EV A 75 75 2575 100 B -20 220 100 C 249 -50 0 100 D 104 100 -100 22

A key concept in the evolution of ERM: Va. R 1989: Dennis Weatherstone, CEO of J. P. Morgan, asks for a report, to be delivered to him daily at 4: 15 pm, that answers the following question: How much could we lose if tomorrow turns out to be a relatively bad day? Why 4: 15? Because if the number was larger than he was comfortable with, there was still time to change it. 23

Why this was a great question It is short and clear. Everyone can understand it. It provides an alternative to standard deviation as a risk measure It defines risk as the potential for loss It focuses on a specific time horizon It focuses on the firm as a whole (the “enterprise”) and not on numerous individual trading desks other reports focused on trading desks (where is our risk? ) Its objective was managing risk, not just measuring it (4: 15) 24

What is a “relatively bad day”? Analogy to weather: how cold could it get on a relatively cold day? We could answer by specifying a percentile: “ 95% of the time (days) the temperature stays above zero” Value at Risk (Va. R): “ 95% of the time our losses will be less than $125 million” $125 million is therefore the 95% Va. R 25

Benefits of Va. R We can track risk over time: has it changed? Why? We can compare different risks to one another We can determine a reward to risk ratio for different risks Value of measuring risk in dollars, as in Va. R 26

Other risk measures Numerous alternatives to Va. R have been created Academics have designed criteria that an ideal risk measure should satisfy Va. R doesn’t meet one of these requirements But Va. R is nonetheless widely used because it is readily understandable and transparent 27

Risk measurement issues Risk measurement is necessarily imprecise But so is profit measurement Risk measures often focus on rare events, about which relevant data is scarce -- by definition! Example: firms often purchase reinsurance to protect against events expected to occur once in every 100 to 250 years. But we don’t have that many years of relevant data! 28

Risk measurement issues Not all risks need to be quantified Financial risks are those whose potential damange can be reduced by having additional capital or reinsurance. They can typically be quantified. Non-financial risks pose potential damages that are best addressed by the use of appropriate controls. They are typically difficult to quantify. Reputational risk Criminal activity 29

Risk measurement issues The rarity of events can change climate change affects extreme hurricanes legal changes affect Workers Comp or D&O losses 30

Risk measurement issues ERM is not a contest to identify the largest number of risks The need is to focus on the most important risks The most important quantifiable financial risks at many property-casualty firms: Underwriting risk Adverse development in loss reserves Equity (stock market) risk Reinsurance recoverable default risk Fixed income default risk 31

Risk measurement issues Aggregation – combining different risks to obtain overall risk – is complex if risks are interdependent (correlated) A common example: underwriting risk and reserve risk Interdependence can increase in times of financial stress Example: bond defaults and stock returns 32

Effective Risk Measurement Relevance • Relationship to financial results reporting Comprehensiveness • All types of risks • All significant aspects of those risks Responsiveness • Reflecting changes in levels of risks over reporting period Practicality • Schedule comparable to financial results reports • Reasonable cost to produce • Ability to project alternatives over planning period 33

3. Choosing ERM Objectives 34

ERM Objectives Link with strategy High Value optimization Strategic integration Medium Loss Controlling Risk measurement Risk management Low Loss minimization Risk Steering Risk Trading Compliance Risk control Balance sheet protection Objective of ERM Adapted from Standard & Risk/return optimization Value creation 35

ERM Objectives Loss controlling · limit exposures and therefore losses · ERM adds aggregate approach to risk tolerance Risk trading · getting paid for risks taken · ERM adds consistent approach to risk margins Risk steering · strategic choices to improve value · ERM adds risk vs. reward point of view 36

4 Getting started on Enterprise Loss Controlling 37

Key Risks & Controls Process Self Assessment Five Steps Risk Identification Risk Assessment Risk Control Assessment Heat Map Development Risk Plan 38

Risk Identification Insurance Risk Credit Risk Market Risk ERM Liquidity Risk Too Narrow Which are your Risks? Operational Risk Group Risk Too Broad 39

Risk Assessment How Significant are your risks? Subjective Assessment Consensus view Frequency / Severity Rank largest 40

Risk Prioritization Level 1 – For Board & Top Management Level 2 – For Middle Management Level 3 – For Supervisors 41

Risk Prioritization Level 1 Risks 1. 2. 3. 4. 5. Actionable Top Management Focus 6. Take to Board 7. Take to AM Best 8. 9. 10. 42

Risk Control Assessment For Most Significant Risks How effective are your existing control processes? For the best controlled risks, how much risk is left after the control process? Are they still significant? Subjective Assessment Not as easy to reach consensus 43

Heat Map Development 44

Risk Control Plan Choose High Priority Risks (In the Red) to address this year Plan will be to: ü Prepare detailed documentation of existing control processes ü Research and identify best practice control processes ü Compare existing to best practice ü Choose improvements to make ü Implement improvements 45

5. Building a Full ERM Program 46

Key “First Step” Issues Your audience Key risks Aspects of risk Risk Appetite Developing best practices Communicating ERM 47

Your Audience CEO Board of Directors Public disclosures Analyst calls Rating agencies General management Customers Vendors, partners, counterparties 48

Know your Audience For each audience identify: · risk appetite § types of risks § quantum of risk (compared to capacity) · needs and expectations § their perspective of what is inside vs. outside of ERM § to what extent do they expect management to be Desirability of minimal/maximal satisfaction · goals? · what is considered success? 49

Key Risks Change – not on most lists, but most important Insurance – the most obvious Investment – the most recent Operational – “people” risks 50

Changes People Business Environment M&A New Activity 51

Managing Risk From Changes 1. How does risk profile change? § Does the change make the firm more risky or less? § What are your options for dealing with that? § What are you going to do? 2. Is your Risk Management still adequate after the change? § Can you manage any new risks? § Do you have the right people, structure, accountability & reporting? § What are you going to do? 3. Are you executing your change process & change risk management plan effectively? § Monitoring, feedback and adjusting the plan. 52

Aspects of Risk Type A - Short term volatility of cash flows in 1 year Type B - Short term tail risk of cash flows in 1 year Type C - Uncertainty risk (also known as parameter risk) Type D - Inexperience risk relative to full multiple market cycles Type E - Correlation to a top 10 risk Type F - Market value volatility in 1 year Type G - Execution risk regarding difficulty of controlling operational losses 53

Aspects of Risk Type H - Long term volatility of cash flows over 5 or more years Type J - Long term tail risk of cash flows over 5 years or more Type K - Pricing risk (cycle risk) Type L - Market liquidity risk Type M - Instability risk regarding the degree that the risk parameters are stable 54

Impact of Multiple Risk Aspects There is a danger that any aspect of Risk that you ignore will accumulate in your portfolio. · i. e. CDS risk management. ignored liquidity risk 55

Risk Appetite Understanding Risk Capacity (Tolerance) and Risk Appetite (How much of Capacity will be used) Discussions of: Peer Comparisons, RBC, Rating Agency Views, Historical Loss Scenarios, Future Loss Scenarios, Economic Capital, Franchise Value, Effective Risk Appetite, Risk Preferences , earnings volatility, ruin 56

Risk Appetite Key Questions: 1. 2. 3. 4. 5. 6. 7. 8. 9. § § § 10. What have been the most successful decisions over the past 5 – 10 years? What adverse experience was avoided due to management/board actions and decisions over the past 5 – 10 years? What is the worst experience over the past 20 years? What is the worst experience that a peer company have in the past 20 years? What are the most significant risks at the current time? Where does the company expect to be in relation to peers 5 or 10 years in the future? What are the financial measures that are the most important to management and board? Based upon those financial measures, how would management and board define a great year, a good year, a fair year, a poor year, a terrible year and a disastrous year? What are the sorts of business opportunities that company would never consider doing? would like to be doing more of? might do if the returns look to be very good? How would company see itself performing in a year when experience for the risks taken by company are at a worst in 20 year level? 57

Types of Risk Appetite Statements Ratings Based – Insurer will not take risks that will endanger their rating from AM Best. Risk Based Capital Based – Insurer will maintain an RBC Ratio of at least xxx% Event Based – Insurer will maintain capital to support a loss at least as large as experienced from Hurricane Katrina along with an investment loss like 2001. Probability Based – Insurer will maintain capital so that the probability of a loss exceeding capital is no more than 3 in 10, 000 (AA S&P level) Value Based – Insurer will maintain a level of capital the produces the best franchise value for the firm with the risks taken Earnings Based – Insurer will not take any risks that could result in the loss of earnings of more one quarter’s average earnings over the past 5 years. Capital Based – Insurer will not take risks that will produce a loss of more than 25% of capital at the 1/250 probability level. 58

20 ERM Best Practices Risk identification Stress testing Risk language Risk capital Risk Measurement Risk reporting ERM policies and standards Risk disclosure Risk organization Risk management governance Risk limits Risk optimization Risk management culture Risk-adjusted performance Risk learning measurement Measurement validation Risk-adjusted compensation Risk diagnosis Action orientation Change risk 59

ERM Fundamentals 1. Risk Identification: Systematic identification of principal risks Identify and classify risks to which the firm is exposed and understand the important characteristics of the key risks 2. Risk Language: Explicit firm-wide words for risk A risk definition that can be applied to all exposures, that helps to clarify the range of size of potential loss that is of concern to management and that identifies the likelihood range of potential losses that is of concern. Common definitions of the usual terms used to describe risk management roles and activities. 3. Risk Measurement: What gets measured gets managed Includes: Gathering data, risk models, multiple views of risk and standards for data and models. 60

ERM Fundamentals 4. Policies and Standards: Clear and comprehensive documentation Clearly document the firm's policies and standards regarding how risks will be taken and how and when the firm will look to offset, transfer or retain risks. Definitions of risk-taking authorities; definitions of risks to be always avoided; underlying approach to risk management; measurement of risk; validation of risk models; approach to best practice standards. 5. Risk Organization: Roles & responsibilities Coordination of ERM through: High-level risk committees; risk owners; Chief Risk Officer; corporate risk department; business unit management; business unit staff; internal audit. Assignment of responsibility, authority and expectations. 6. Risk Limits: Set, track, enforce Comprehensively clarifying expectations and limits regarding authority, concentration, size, quality; a distribution of risk targets and limits, as well as plans for resolution of limit breaches and consequences of those breaches. 61

ERM Fundamentals 7. Risk Management Culture: ERM & the staff ERM can be much more effective if there is risk awareness throughout the firm. This is accomplished via a multi-stage training program, targeting universal understanding of how the firm is addressing risk management best practices. 8. Risk Learning: Commitment to constant improvement A learning and improvement environment that encourages staff to make improvements to company practices based on unfavorable and favorable experiences with risk management and losses, both within the firm and from outside the firm. 62

Self Assessment Exercise 63

Self Assessment Exercise List of existing good ERM practices – In ERM language List of practices that may need improvement or development 64

65

RESOURCES Creating an ERM Plan OBJECTIVES NEEDS ERM PLAN IMPROVEMENT 66

Communicating ERM PLAN CEO Board of Directors Public Disclosures Analyst Calls Rating Agencies General Management Customers Vendors, Partners, Counterparties 67

Communicating ERM Results Risk dashboard Reports Tables, charts, graphs Stories Loss diagnostics Limit breaches Model improvements CEO Board of Directors Public disclosures Analyst calls Rating agencies General management Customers Vendors, partners, counterparties Risk profile 68

6. Status of ERM Implementation 69

Benefits of Risk Management (James Lam) 1. Market Value Improvement – Due to decreased volatility 2. Early Warning of Risks – Risk management replaces Crisis Management 3. Reduction of Losses 4. Rating Agency Capital Relief 5. Risk Transfer Rationalization – Reinsurance cost/benefit 6. Corporate Insurance Savings

Potential Benefits of Effective Risk Management Better able to take advantage of new business opportunities. Fewer sudden shocks and unwelcome surprises. Higher share price Potential Benefits Competitive Better basis for advantage. strategy setting. Reduction in management time spent “fire -fighting” Increased likelihood of change initiatives being achieved. (ICA) Lower cost of capital. More focus internally on doing the right things properly.

Moody’s View of Risk Management Environment More Risky More complex products Higher regulatory scrutiny Reinsurers leaving markets Insurers Response Stress Testing Risk Management Committee/CRO

What is the difference between Risk Management and ERM? An ERM Program comprehensively applies Risk Management… across ALL of the significant risks of the Enterprise Consistently across the risks Consistently with the fundamental objectives of the enterprise Standard & Poor's 73

Full Benefits of an ERM Program Once a firm’s enterprise wide risks are identified and objectives are set, an ERM Program should… Develop and maintain systems to periodically measure the capital needed to support the retained risks of the company Reflect the risk capital in: • strategic decision making, • product design and pricing, • strategic and tactical investment selection • financial performance evaluation The product of a fully-realized ERM Program is the optimization of enterprise risk adjusted return Standard & Poor's 74

Benefits of Integrated Risk Management Strategy Avoid “land mines” and other surprises Improve Stability & Quality of Earnings Enhance growth and shareholder return By more knowledgeably exploiting risk opportunities Identify specific opportunities such as natural synergies & risk arbitrage Reassure stakeholders that the business is well managed Life Office Management Association (USA)

Management – Level 1 Planning Projection

Management – Level 2 Scenario Testing

Management – Level 3 Scenario Analysis Average Scenario Planning Projection Confidence Interval

Management – Level 4 Risk Management Average Scenario Planning Projection Confidence Interval

ERM Benefits & Uses Insurance = Risk Taking Risk Management = Management for Insurance Companies Risk Management => systematic risk selection as more insurance companies adopt risk management they will select the better risks companies without RM will not know

ERM Benefits & Uses Communicating with Regulators & Rating Agencies Risk Management can provide language for dialogue with RA Communicating with Board Markets become more volatile as more financial institutions use Risk Management

Solvency 2 & ERM Pillar 2 § Article 43 requires firms to have an effective risk management system. § Requires firms to consider all risks § Risk management system to be fully integrated into the organisation

GFC & ERM § “Progress has been made in strengthening. . . Risk Management” Leaders' Statement from G 20 Summit, 2009

Risk Management & the Board of Directors Nine Themes For Interaction with Management © Stanhope by Hufton + Crow

Risk Management & The Board 1. An advance agreement with management regarding: • the quantity and quality of risks that the firm is expected to take in the coming year and • how much variability management expects there to be in what actually happens. This will naturally lead to a discussion of how far away from plan things can get before another discussion between management and the board is in order. 86

Risk Management & the Board 2. Regular updates in the quantity and quality of risks that are actually being taken by the firm as well as the quantity and quality of risks retained. One of the major issues that banks have faced in the current crisis is that some of their risk offset programs were not as effective as management had expected and very large gross risk positions that were thought to be transferred or offset did become the responsibility of the bank when the losses started to occur. Board reporting had focused only on net retained risks which put the board outside the discussions of how much gross risk was acceptable. 87

Risk Management & The Board 3. Information about the changes in the environment that might indicate that certain risks might be increasing. This information would be in the form of trending of key risk indicators 88

Risk Management & The Board 4. Information about the continuous changes that management is making to the plans in response to the changing environment as they relate to the quantity and quality of risk. Too often management appropriately changes course and defers mentioning that to the board. The lack of mention of “course corrections” should be seen as a sign of potential trouble by the board. Management and the board should agree how far things can drift from plan before management is expected to both do something different and mention that to the board. 89

Risk Management & The Board 5. An advance discussion of losses. Management and the board must recognize that the word “risk” is short for “risk of loss”. It is uncommon to have these advance discussions. When firms experiences losses, there is often a period of uncertainty during which no one knows whether this loss exceeds the tolerance of the board and how the board might react. While it does not make sense to expect there to be an exact list of expected reactions, there is much to be gained by having this discussion before a real loss occurs. 90

Risk Management & The Board 6. Appointing members of top management to be individually assigned personal responsibility for each of the major risks and risk/loss aversion practices of the firm a risk management best practice that is internationally recognized. A regular update by the top management individuals that have been given these responsibilities, confirming that they have sufficient resources, both in quantity and quality, to achieve the objectives for loss limitation and reporting on the status of projects to improve capabilities. 91

Risk Management & The Board 7. A periodic discussion of the unusual and adverse events that might unpredictably impact on the firm and the ways in which management expects to prepare for such events. 92

Risk Management & The Board 8. When a major corporate strategic initiative comes to the board for notice or approval, discussion of the ways that this action changes the risk of the firm. The board should know whether a headline action further concentrates the risks of a firm or whether is broadens the risk exposures. If there additional concentrations of risks, then it would be important to hear more about the additional diligence to the existing loss aversion actions. If it is a diversifying risk, then the board should be hearing about the new risk/loss aversion actions that are contemplated. Too often, management diversifies into a new risk and thinks that loss aversion is unnecessary because of diversification. The term for that type of risk management decision is de_WORSE_ification. For new risks, risk/loss aversion plans are particularly needed because of management’s lower experience wit the new risk. 93

Risk Management & The Board 9. When management discusses the major strategies of the firm with the board discussions should include recognition of the implications of the strategic plans on the firm's risks and the risk/loss aversion plans. The board should be sure that the plans for growth of the firm reach for faster growth of expected profits than the rate of growth of risks. 94

Thank You David N Ingram, CERA, FRM, PRM Willis Re, New York, USA Dave. ingram@willis. com +1 212 915 8039 95

96

ERM Learnings from the School of Very Hard Knocks David Ingram, CERA, FRM, PRM

Who Got the Knocks? Knocked Down Knocked Out HSBC Bear Stearns IKB Countrywide, New Century NIBC Sachsen. LB Lehman Brothers UBS Goldman Sachs JP Morgan Rating Agencies Investors Taxpayers Merrill Lynch Northern Rock Wachovia Freddie Mac Fannie Mae AIG Washington Mutual 98

PRELUDE - Where to Start? June 2003: Federal Reserve Chair Alan Greenspan lowers federal reserve’s key interest rate to 1%, the lowest in 45 years. 2004 -2005: Arizona, California, Florida, Hawaii, and Nevada record housing price increases in excess of 25% per year. 2005: Booming housing market halts abruptly in many parts of the U. S. in late summer. 2006: Prices are flat, home sales fall, resulting in inventory buildup. U. S. Home Construction Index is down over 40% as of mid-August 2006 compared to a year earlier. May 5: In possibly the first casualty of the looming subprime crisis, Washington based Merit Financial Inc. files for bankruptcy and closes its doors, firing all but 80 of its 410 employees, kept to wind down the business. Chief financial officer, Ryan Kidd, said that Merit’s marketplace had declined about 40% and sales were not bringing in enough revenue to support the overhead of running the company. 2007: Home sales continue to fall. The plunge in existing-home sales is the steepest since 1989. In Q 1/2007, S&P/Case-Shiller house price index records first year-over-year decline in nationwide house prices since 1991. The subprime mortgage industry collapses, and a surge of foreclosure activity (twice as bad as 2006) and rising interest rates threaten to depress prices further as problems in the subprime markets spread to the near-prime and prime mortgage markets. The U. S. Treasury secretary calls the bursting housing bubble "the most significant risk to our economy. " 99

2007 February 8 – HSBC: Europe's biggest bank, HSBC Holdings, blames soured US subprime loans for its first-ever profit warning in February. On September 21, it announces the closure of its US subprime unit, Decision One Mortgage, and records an impairment charge of about $880 million. April 2 – New Century: The US subprime lender files for Chapter 11 bankruptcy protection in the biggest collapse of a mortgage lender in this crisis. July – IKB & Sachsen. LB: Two banks in Germany, IKB and state bank Sachsen. LB, suffer exposure by investing in the US subprime market. The German banking industry bails out IKB, but Sachsen. LB almost goes under and is quickly sold to statebacked Landesbank Baden-Wuerttemberg (LBBW). August 9 – BNP Paribas: The French bank bars investors from redeeming cash in $2. 2 billion worth of funds, telling the markets it is unable to calculate the value of the three funds due to turmoil in the subprime market. 100

2007 August 9 – NIBC: The Dutch merchant bank discloses 137 million Euros ($189 million) of losses on US asset-backed securities in the first half, and shelves plans for an initial public offering indefinitely. September 13 – Northern Rock: The British mortgage lender experiences a bank run following a credit crunch sparked by the subprime crisis. The Bank of England steps in to rescue it. September 17: Former Fed Chairman Alan Greenspan said "we had a bubble in housing" and warns of "large double digit declines" in home values "larger than most people expect. " September 18: The Fed lowers interest rates by half a point (0. 5%) in an attempt to limit damage to the economy from the housing and credit crises. October 1 – Credit Suisse: The bank says its results will be "adversely impacted" by the market turmoil, but it will remain profitable in the third quarter of 2007. October 15 – Citigroup: The largest US bank by market value says third-quarter profit fell 57 percent due to losses, with net income down to $2. 38 billion from $5. 51 billion a year earlier. 101

2007 October 15– 17: A consortium of U. S. banks backed by the U. S. government announced a "super fund" of $100 billion to purchase mortgage-backed securities whose mark-to-market value plummeted in the subprime collapse. Both Fed chairman Bernanke and Treasury Secretary Hank Paulson said "the housing decline is still unfolding and I view it as the most significant risk to our economy. … The longer housing prices remain stagnant or fall, the greater the penalty to our future economic growth. " October 19 – Wachovia: The fourth-largest US bank posts a 10 percent decline in third-quarter profit, to $1. 69 billion from $1. 88 billion a year earlier, having suffered $1. 3 billion of writedowns resulting from credit market turmoil. October 24 – Merrill Lynch: The financial services giant stuns Wall Street by reporting the biggest quarterly loss in its history after writing down $8. 4 billion, mostly from bad investments related to risky subprime mortgages. October 26 – Countrywide: US mortgage lender Countrywide Financial Corp. posts a $1. 2 billion third-quarter loss after writing down $1 billion in subprime-lending losses. October 29 – Mitsubishi UFJ Financial Group Inc. : Japan's largest bank says it will write down the value of subprime related investments by as much as 30 billion yen ($260 million) – six times more than previously announced. 102

2007 October 30 – UBS: Swiss bank UBS reports a third-quarter pretax loss of 726 million Swiss francs ($624. 8 million) after it took a charge of 4. 2 billion francs on subprime-related losses in its fixed income investments. November 1: Federal Reserve injects $41 B into the money supply for banks to borrow at a low rate. The largest single expansion by the Fed since $50. 35 B on September 19, 2001. November 4 – Citigroup: May write off $8 to $11 billion of subprime mortgage losses, on top of a $6. 5 billion write-down in its third quarter. November 8 – Merrill Lynch: Its exposure to CDOs is now $15. 82 billion or about $600 million more than what the company revealed in its third-quarter earnings release on October 24. The figure is larger because a hedge against potential loss was terminated recently after a dispute with a counterparty, which Merrill declined to name. November 13 – Bank of America: Writes off $3 billion in subprime losses. November 14 – HSBC: Raised its subprime bad debt provision by $1. 4 billion (£ 670 million) to $3. 4 billion. 103

2007 November 15 – Barclays: Subprime write-downs at Barclays’ capital investment bank arm now total £ 1. 3 billion, taking into account a £ 500 million write-down in the third quarter. November 15: FASB Statement no. 157 becomes effective for annual statements for fiscal years beginning after Nov. 15, 2007, and for interim reports prepared in that initial fiscal year. 16 November - Goldman Sachs forecasts sub-prime losses for entire financial sector at $400 bn (£ 200 bn). Northern Rock's boss resigns Nationwide warns of no UK house price growth in 2008 19 November - Northern Rock says bids to buy bank are "below current market value. " Swiss Re expects to lose $1 bn on insurance a client took out against any fall in the value of its mortgage debt. 20 November - US mortgage guarantor Freddie Mac sets aside $1. 2 bn to cover bad loans and reports a $2 bn loss. The US Federal Reserve cuts its 2008 growth forecast citing credit and housing market woes. UK buy-to-let mortgage lender Paragon sees its shares fall nearly 40% after revealing funding difficulties. Construction of new US homes in October remains sharply lower than a year earlier, figures show. 22 November - UK lender Kensington Mortgages withdraws its entire range of subprime mortgages because of market conditions. The Nationwide, the UK's largest building society, benefits from being seen as a haven from troubled banks. 104

2007 December 6: President Bush announced a plan to voluntarily and temporarily freeze the mortgages of a limited number of mortgage debtors holding adjustable rate mortgages (ARM). He also ask Members Of Congress to: 1. pass legislation to modernize the FHA. 2. temporarily reform the tax code to help homeowners refinance during this time of housing market stress. 3. pass funding to support mortgage counseling. 4. pass legislation to reform Government Sponsored Enterprises (GSEs) like Freddie Mac and Fannie Mae. 105

2008 March 14, 2008: Bear Stearns gets Fed funding as shares plummet. March 16, 2008: Bear Stearns gets acquired for $2 a share by JPMorgan Chase in a fire sale avoiding bankruptcy. The deal is backed by Federal Reserve providing up to $30 B to cover possible Bear Stearn losses. May 6, 2008: UBS AG Swiss bank announced plans to cut 5, 500 jobs by the middle of 2009 106

2008 September 7, 2008: Federal takeover of Fannie Mae and Freddie Mac September 14, 2008: Merrill Lynch sold to Bank of America amidst fears of a liquidity crisis and Lehman Brothers collapse September 15, 2008: Lehman Brothers files for bankruptcy protection September 16, 2008: Moody's and Standard and Poor's downgrade ratings on AIG's credit on concerns over continuing losses to mortgage-backed securities, sending the company into fears of insolvency. September 17, 2008: The US Federal Reserve loans $85 billion to American International Group (AIG) to avoid bankruptcy. 107

2008 September 19, 2008: Paulson financial rescue plan unveiled after a volatile week in stock and debt markets. September 25, 2008: Washington Mutual was seized by the Federal Deposit Insurance Corporation, and its banking assets were sold to JP Morgan. Chase for $1. 9 bn. September 29, 2008: Emergency Economic Stabilization Act defeated 228 -205 in the United States House of Representatives. September 29, 2008: Federal Deposit Insurance Corporation announces that Citigroup Inc. would acquire banking operations of Wachovia. October 1, 2008: The U. S. Senate passes HR 1424, their version of the bailout bill. 108

US GDP 1996 $7. 82 trillion 2007 $13. 84 trillion 109

Some things to think about 1. Short Term Compensation for long tailed risks 2. It must be ok if everyone else is doing it 3. Gone is not always gone 4. “The market knows” 5. Marginality 6. Leverage 7. Counterparty 8. Observed Volatility models 9. Growth & Risk 10. Inflexible risk model 110

Things to Think About 11. Diversification vs. Correlation 12. Liquidity 13. The end of the cycle 14. Disclosures 15. Greater fool theory 16. Valuation model procyclical 17. Recognition of Uncertainty 18. Risk limit for new risks 19. Law of One Price and replication 20. Underwriting 21. Giving away the pen 22. Excess complexity 111

Think About 23. Compliance Culture 24. Adversarial Risk Management functions 25. Regulation Dismantled 26. Keeping potential losses within the family 27. Empowering the Business units 28. Reliance on third party risk evaluations 29. Risk falls into the cracks 30. Ignoring second order consequences 31. Keeping it Simple 32. Stress Tests were not credible 33. Directors and Management Responsibility 34. Structural inability to participate in workout 112

An Old Question. . . Do you want to Eat Well Or Sleep Well 113