One way of understanding extreme risk management (aka tail risk management) is to think about what extreme risk management is not. Let’s take five minutes to compare and contrast tail risk management and other, related concepts.

A tail risk is an event with a small probability of happening but with a big severity in terms of impact. In every event there are tails; there are really, really good things that can happen and really, really bad things. The term comes from looking at the bell curve, or so-called normal distribution of results. The tails of the bell curve extend out to plus or minus infinity with ever-decreasing probabilities. Simply put, tail risks are by definition small, if not tiny. Returns from a business investment are under ‘normal’ conditions distributed in exactly that way, around a bell curve, with few instances of massive gains and few instances of humongous losses. The financial crisis of 2008-09 was an example of a rare event, or series of events, that coincided to cause a meltdown in stock markets around the world.

Extreme risk management is not about hedging. Rather it is more about solid business risk management skills that embodies also just-in-case risk management. Tail risk management is much more than shielding asset returns from unexpected events. Tail risk management is about protecting the firm and/or fund’s capital from sudden massive losses as well as about sustainability. With Value4Risk, tail risk management embraces a qualitative approach rather than quantitative approach when managing extreme events.

Extreme risk management is not about constantly worrying. It’s not about fretting and constructing worst-case scenarios. A tail risk management program is not designed to freeze an organization because of the fear of what might happen. It is instead about exercising informed judgment to manage our environments, to assess what realistically might happen, to control what we can control, to take advantage of opportunities that are worth pursuing, and to achieve our goals.

Extreme risk management is not about strategic planning. No doubt, you and your organizations have gone through strategic planning processes in which you have done a SWOT analysis, which looks at strengths, weaknesses, opportunities, and threats. Yes, we do talk about threats and opportunities in tail risk management, and we focus on building our strengths and reducing weaknesses. But the emphasis in a tail risk management program is dynamic. Furthermore, where strategic planning projects into the future what an organization would like to do, tail risk management focuses on identifying the weakest links and how to avoid the slipups that could undermine the existence of the firm. 

Extreme risk management is not about the adequacy of (economic) capital. Studies show that meeting regulatory capital requirements is no assurance of survival in a crisis. Per “Federal law and OTS regulations … An institution is treated as well-capitalized when … its Tier 1 risk-based capital ratio is 6.00% or greater … ” said the 2007 annual report of Washington Mutual, which appeared to be in fine fettle with a Tier I ratio of 6.84% before its collapse. The need for a larger cushion is real, but it must objectively relate to the extreme tail risk that creates this need. Simply requiring higher capital is no assurance that a fundamental problem has been addressed.

Extreme risk management is not about avoiding risks, but about avoiding casualties and traumas. Risk is to be managed, it is not something that can entirely be avoided. In the latter half of the 20th century, we seduced ourselves into thinking that we could reduce risk to near zero. In the process, we started to lose some of skill sets we need when a risk does manifest itself.

Extreme risk management is not about enterprise risk management. As a risk manager, it is not enough that I have used enterprise risk management to identify, prioritize, treat and monitor risks. I am also required to consider the black swans after this process and analyze whether more needs to be done. The natural tendency to become complacent — “I have done enough thinking” — is countered by asking, “Have I done enough thinking?” and “Am I ignoring residual risk?” At the end of the day it’s a matter of behaving professionally at all times, and being keen to create an added value that will protect and even help grow the business.

Extreme risk management is not about auditing. Auditing is usually performed by accountants, and it usually is performed in order to determine whether financial statements are presented in accordance with generally accepted accounting principles. Tail risk management may draw upon auditing procedures. For instance, risk management might involve sampling, verification of data, tracing information, and reporting results. But getting an audit – and receiving a “clean” or unqualified audit opinion – is not the same as having a tail risk management program. The two are very different. An organization with no tail risk management program may get a clean audit opinion by presenting its financial information in conformity with GAAP, and an organization with a tail risk management program may receive an adverse audit opinion (by having material misstatements that undermine the accuracy of the organization’s financial reports).

Extreme risk management is not about financial models. Financial institutions openly opt to continue to rely on traditional risk management fed by probabilities tailored by financial models as well as by Big Data (under the auspices of the banking regulators, one must say), not to mention the traditional risk control methods to track down tail risk events. But, whichever way you look at it tail events occur much more frequently than Gaussian distributions and data mining imply, and concentrations are not always sufficient to identify pockets of tail risks. Given increased global capital mobility since the early 1980s, the frequency, magnitude and complexity of financial crises appears to be increasing, and no financial model will ever be able to grasp that fully.

Finally, extreme risk management is not the entirety of management. Management, generally speaking, includes supervision, motivation, discipline, and a host of other activities that coordinate efforts within an organization. Tail risk management is a part of overall management, but it is not all of it.