Foreword: I have been hesitant about how to share my learning and experience in risk management. As suggested by forum friend wwqqer, I hope to share some learning experience, but it must be a unique martial art that is not in the book. In fact, the Internet is so developed now that everyone with certain knowledge or professional skills can publish their own analysis through self-media and other methods. I sometimes read articles on public accounts, and I often lament that the gap between non-professionals and professionals in certain fields is shrinking rapidly, especially in the field of investment management. Most people will express some opinions, but it will take a long time for the results to come out. Verification, and the results have a certain degree of chance, which increases the difficulty for professionals and non-professionals to distinguish in the short term.
An individual currently serves as an independent approver of capital market business in a financial institution, responsible for consultation, guidance and review of capital market business. PRM holds Witnesses and Senior Members. My personal experience does not start with risk management, but with investment, which is a great advantage. One of the main purposes of risk management is also to help the organization make profits, so one of the advantages of switching from a business line to risk management is to understand the business. Understanding the business includes understanding the logic of the business, and more importantly, understanding the perspective of business personnel looking at problems. Risk management within an organization often ultimately involves corporate governance issues. The so-called corporate governance refers to how the rights within the company are divided among different groups. The division of rights is also the division of interests. Risk control-related rules and regulations, threshold limits, business guidelines, etc. often cause entanglements of interests. In the process of disputes, one must be good at seeing problems from the other party's perspective, understand the other party's core demands, and have strong communication skills to communicate, discuss, coordinate, improve, and even compromise in some cases. So let’s not talk about other requirements first. In terms of experience and ability, it is best for those engaged in risk control to have some business experience and strong communication skills.
It is not easy to be familiar with business in the financial field, especially risk control, which requires both breadth and depth. Many people's understanding of so-called risk control is limited to building models, setting parameters, and doing statistics in financial institutions. This sketch includes some risk control practitioners, but only a very small part.
To be familiar with business, one is to have an overall understanding, which is the foundation. The so-called overall situation is not just piecemeal, but a structured and hierarchical understanding of a system in depth. For example, for the market, you must at least understand the equity, bond and futures markets, which are the securities regulatory system; you must also understand the loan market, financial management market, and trust market, which are the banking regulatory system; and finally there is the insurance market, which is the insurance regulatory system. Depending on the depth of the organization, the focus can be different, but the breadth should also be covered to a certain extent. Under the premise of the current acceleration of large-scale asset management and asset securitization, the focus of recognition can be placed on the standardized financial market under the securities regulatory system, but other markets cannot be ignored, because competitors in the large-scale asset management market include banks and trusts and insurance institutions that are not part of the securities regulatory system.
The second is to have an understanding of the profit model. To put it more simply, it’s what you make money from. It is necessary to have systematic analysis methods, such as DuPont analysis, fee difference analysis, revenue and cost analysis, customer experience analysis, etc., to confirm how to make money. It is also necessary to summarize the unique competitive advantages according to different organizations. It can be a certain link, A certain technology, a certain service, but in the end it also strengthens one or several factors of the above system analysis.
Can familiarity with the business help to recognize risks? This is certain! From a macro perspective, the most threatening risk faced by institutions is not market risk, credit risk, or liquidity risk, but business risk. What is business risk? It means that a certain type of business is forced to shrink, weaken, suspend or even terminate due to changes in the external environment. If a certain type of business is almost gone, what is the point of getting entangled in the minutiae of this type of business and guarding against its market, credit and liquidity risks? For example, in the online consumer loan business, the listing of Qudian sparked public opinion, leading to strict regulatory measures, and many consumer loan platforms were forced to close. This is a business risk caused by regulation. For another example, Alipay and WeChat Pay have led to the gradual marginalization of other payment platforms and methods. This is a business risk caused by competition. At a micro level, familiarity with your business can help you determine the specific risks your business faces. For example, it is first divided into loan business and investment business. The investment business can also be divided into fixed income, equity or derivative products, and then broken down into more basic risk factors.
All that has been said above is actually one point. One of the values ??of risk control is to serve the business. The main purpose of risk control is for profit and stability. and lasting profits. The so-called stability and durability means that the institution can calmly face the unpredictable market under appropriate risk management, continue to operate within a certain cycle, and continue to create profits for shareholders. Another value of risk control within an organization is to serve management.
All institutions can be viewed as a system, consisting of three parts: input, processing, and output.
If it is an enterprise, the input is various raw production materials and labor force, the processing process is a process or production line, and the output is a certain product; if it is a financial institution, the input It is the capital and various system restrictions, and the processing determines the use of funds under various restrictions, and the output is a certain kind of financial service. The risk control department generally spans all business departments. A large amount of company information is summarized in the risk control department, which is a department that can see the overall situation. The business systems and guidelines developed by this department cover not only input, but also processing and output. Therefore, this is a department that assists company management to manage the business more effectively through statistics, consultation, restriction, guidance, etc. So I mentioned before that if you only think of risk control as making models and making parameters, then you think of risk management too simply. Although there are risk practitioners who make a living by making models (serving the business) , but this is not a comprehensive feature. But it must also be admitted that the value creation of risk control at a higher level is related to the level of the risk control personnel. The company will obviously not assign part of the management functions to a lower-level risk control personnel, but even if it is a lower-level risk control personnel, The role of control personnel within the organization is also to serve the business or management in the general direction.
If the value of internal risk control in an organization can be simply summarized as: serving business and serving management, then this can be used as a criterion to judge whether a risk control personnel is valuable. And, in a way, how valuable it is. Simply put, risk control personnel include business risk control, comprehensive risk control and management risk control. Most general risk control practitioners enter the industry as risk control specialists of a certain type of business. This stage has higher requirements for models, algorithms and systems. With the deepening of seniority, he gradually becomes the person in charge of risk control of this type or certain types of business. At this time, he has initially possessed certain management functions and can already influence the business development rules of one or several business lines and propose relevant rules to business personnel. Value advice. It is also at this stage that risk control personnel may begin to realize the importance of soft skills (communication skills, coordination skills, etc.), and begin to pay attention to changes in regulatory policies and laws and regulations. It is also at this stage that they will realize: the largest organization The risk is business risk. The highest stage of risk control is managerial risk control, which basically reaches the level of risk control director or even chief risk officer. This level participates in the company's operations, coordinates the company's various resources that can deal with risks, and ensures that the company can make stable and lasting profits under various restrictions. The company can deal with risk resources in terms of hardware, including: profits, capital (including original capital and retained earnings accumulated over the years), and liquidity resources. From a software perspective, it includes: the company’s risk appetite, the company’s risk policy, and the company’s reputation. Among them, risk appetite is basically determined by the management; risk policy is mainly output by the chief risk officer through two tools at his disposal, one is called the risk management department and the other is called the legal and compliance department.
If the name is not correct, the words will not be correct. The previous section mainly introduced the value and positioning of risk control within the organization. This is to rectify the name of risk control. Now that the name is correct, we can start the topic: the cultivation of risk control ability.
Depending on the content and nature of risk control within an organization, it can also be subdivided into different positions, and each position has different requirements for abilities and skills. There are risk controls that focus on front-office business (investment risk control), there are relatively pure middle-office risk controls, and there are back-office risk controls that are closer to operations. These types of positions are at the same level in terms of remuneration: front > middle > back. In terms of importance, there is no priority among the several types of risk control. Although the front-end risk control is close to the profit source and seems to be the most important, in fact all three types of risk control are important.
First, in recent years, backward risk management (mainly operational risk) has increasingly become the management focus of large foreign institutions. The main reason is that the resulting losses, whether they are tangible and can be directly measured by economic value, or intangible and can be measured by company reputation and customer experience, are all profound lessons.
Second, the higher the level of risk control, the more management content is involved, and the more one can understand the truth: the organization as a whole needs to be stable and hold profits. The institution has no obvious “shortcomings” in risk management (another fancy term is: comprehensive risk management). For many large institutions, operational risk is more important than market and credit risk to some extent, for reasons I won’t go into.
In view of my personal experience, what I want to introduce is mainly forward-oriented risk control. To better illustrate my point, I leave a few questions here.
Not to cause an academic debate, just to draw out my point of view:
1. Listed companies serve to maximize the interests of shareholders ( )
A. Correct B. Incorrect C. Not entirely correct
2. A relatively fair valuation of securities with public quotations should be public quotations ( )
?A. Correct B. Incorrect C. Not entirely correct
3. Once the company goes bankrupt, the company is finished ( )
< p> ?A. Correct B. Incorrect C. Not entirely correct
4. Listed companies have advantages over unlisted companies ( )
< p> ?A. Correct B. Incorrect C. Not entirely correct
5. A higher inflation environment is detrimental to the company ( )
?A. Correct B. Incorrect C. Not entirely correct
6. One of the key points in managing an investment portfolio is appropriate diversification ( )
< p> ?A. Correct B. Incorrect C. Not entirely correct
Based on my experience, the answers to the above questions are: Not entirely correct.
My understanding of the above issues basically went through a process of initially thinking it was correct, then thinking it was incorrect, and finally thinking it was correct under certain conditions. From this, I think that in terms of soft skills: The training of a risk control personnel mainly includes:
■? Forming an open mind: Be open to new things, new ideas and even opposing viewpoints. Have an inclusive attitude. Openness is not about looking at problems from your perspective, but about understanding other people’s logic and perspectives. If a person interprets other people's opinions with his or her own prejudices, most of them are doing so with a critical attitude. So let go of your own explanations first and try to look at the issue completely from the other party’s perspective, standpoint, and interests. After going through this, return to yourself and think with the existing knowledge.
■? Improve the level of cognition: Look at problems at multiple levels and angles, and be good at thinking about problems from different perspectives of interests. For example, transactions, especially complex transactions such as mergers and acquisitions, involve multiple stakeholders, including: financiers, creditors, customers, ordinary employees, senior management, and regulatory authorities (including taxation, industry authorities, and transaction approval departments) , each subject has its own different interests and considerations.
■? Refining and using models: The models here do not refer to quantitative risk control models but to thinking models, but to psychology, physics, mathematics, economics, Multidisciplinary models of biology, literature, and more. For example, from literature I learned the importance of distinguishing facts and opinions; from mathematics I realized the improved role of the Bayesian model in decision-making: that is, when some facts appear, I need to review whether the basis for the original judgment is still valid. ; The law of inertia of physics tells us that the inertia of certain historical factors in the financial system or company operations is very strong, unless there are other factors that are strong enough or small but persistent enough to force it to change.
Attached are some models that I summarized and collected, thought about and tried to use. This should be regarded as a unique martial arts. Its essence is to look at the problem from multiple dimensions. Of course The use of mental models I am also a student myself.
Attachment 1
Attachment 2
Mentioned last time Risk personnel, especially those working in the frontline business, need to train soft skills. Let me give you a few daily examples.
Example 1: For example, a listed company wants to pledge stocks for financing
1. After checking the financial reports of the past three years, it was found that the The company's fundamentals are slightly weaker.
2. After quantitative model analysis, the score is relatively high, with about a 40-50% discount on the pledge rate.
3. After due diligence, it was discovered that the company’s major shareholder was involved in a private small loan litigation during the year.
Reasoning process:
First, based on experience and combining 1 and 2, judge the probability that the company is in good condition 50%.
Second, according to 3, that is, the major shareholders are still involved in private repayment disputes under the premise of controlling the listing platform, indicating that the capital chain is tight. (A simple analogy is that the major shareholder who controls the listing platform in China is equivalent to holding the money printing machine)
If the probability of the company's initial state being bad is 50%, then the company is in good condition. Under such circumstances, the probability that a major shareholder will be involved in small loan litigation is 20%. If the situation is not good, the probability that a major shareholder will be involved in small loan litigation is 80%. According to Bayes’ theorem, it is estimated that if a major shareholder is involved in small loan litigation, the listed company is in bad shape. The probability is: 80%. (The essence of the reasoning here is that when a major shareholder of a listed company is involved in a lawsuit against private small loans, the initial judgment that the probability of non-performing status is 50% is revised to 80% of the probability of non-performing status in such an event)
Result: A major risk event occurred in the company about a week later.
Example 2: LeTV
I personally have raised major doubts about LeTV in 2015, and there are some in the forum. Articles I wrote in 15 years. Because my institution is relatively cautious in risk control, it has not invested in any business involving LeTV. This is a good thing this year compared to many peer institutions that are deeply entrenched.
1. After reviewing its financial reports over the years, we found that the company's fundamentals are very weak.
2. Using my own free cash flow model comparison, the answer to the three core questions is no.
a. Is it making money? ? No
b. Is the trend of making money sustainable? No
c. How big is the risk? Self-financing, excessive financing, and excessive guarantees are extremely risky.
3. Reverse thinking: According to the model, in order to maintain LeTV’s stock price at that time, its free cash flow must turn positive within 3 years and grow by more than 50%. What is this? concept? Free cash has grown 57 times in 10 years. Taking into account PE's amplification of free cash, the market value may grow even faster. What is the probability of this? There are few existing listed companies. There are nearly 3,000 listed companies in the sample, and there are almost none, which means that even if there are, the probability is extremely small. This is equivalent to telling us: Will LeTV be such a company? Most likely not! Bayesian! ! ! Bayesian! ! !
Example 3: A listed coal chemical company suffered losses for two consecutive years and was ST’ed. At the same time, it entered debt restructuring due to insolvency.
The idea of ????doing debt restructuring in China is often
(1) Capital reserves are converted into equity and used for repayment Debt or use converted stocks to finance debts from new investors
(2) Spin off the assets of loss-making businesses
(3) Put them into profitable businesses (asset restructuring) < /p>
1. Probability theory: If a thing has multiple links nested before and after, even if the success probability of each link is 80%, the probability of success after 4 links will be Only 40%. The steps here include: asset divestiture, converting into equity capital to introduce debt repayment funds, maintaining the shell of a listed company with some small businesses, and injecting profitable assets. 2 and 4 are more difficult (low probability), while 1 and 3 are less difficult (high probability). The final result is that the stock price will rise and investors, debtors, creditors, etc. will achieve a win-win situation.
2. Psychology: How do interest groups make decisions during crises? Self-interest. Considering that the capital transferred from capital reserves are all tradable shares, once the market risk increases or the stock price is unfavorable, there will be a large number of selling orders. The high-level term is called stop loss. In fact, it is a psychology of getting back a little bit.
3. Evolution and Motivation Perspectives: Nothing changes overnight, especially when the interest relationships and personnel within a bankrupt company have adapted to the old system after long-term evolution. , concepts and ways of dividing interests. Because bankrupt enterprises are state-owned enterprises, it is very difficult for new entrants to achieve market-oriented disposal, that is, market-oriented disposal personnel and redundant departments, but it cannot be established without destruction. If new entrants cannot make money with a high probability or have more troubles than benefits, their desire to take over will be very low. (You may still have fresh memories of the layoffs (unemployment) of a large number of employees in the early 1990s. To a certain extent, the second spring of state-owned enterprises later has a lot to do with this wave of disposals at that time).
Conclusion: The current observation is that the negative opinion issued at the beginning is basically correct. The company has not completed the asset injection, that is, it has not found a successor, and the stock price is basically around the transfer price. , is expected to fall below.
Having introduced the long-term soft skills that need to be cultivated in risk control, let’s talk about the hard skills. According to my experience in working with people, the ones that need to be cultivated include:
p>
■? Familiar with your market. Market is a broad term, which includes a series of contents such as institutions (players) in the market, products in the market, basic rules in the market, and infrastructure in the market. In terms of depth, your main battlefield should be deep enough so that you can see things no one has ever seen before. In terms of breadth, there must be sufficient coverage, because markets are not isolated but interconnected, and one must be good at using the conditions of different markets to verify some of one's judgments.
■ Familiarize yourself with your tools. Depending on the specific field of work, tools include models, procedures and algorithms, financial knowledge, tax knowledge, and the main laws, regulations and departmental regulations in your field of work. Taking myself as an example, I am mainly responsible for the review of capital market business, so the tools I need are financial knowledge, laws and regulations of the securities regulatory system, and financial models (stock pricing models, stock pledge models, bond models) developed based on work needs and experience. evaluation model, etc.) and some thinking and probability models.
■?Tools should also be updated. For example, when new regulatory regulations come out, you need to follow up and learn, and update the parameters and assumptions of the model to reflect the new information. Taking myself as an example, the stock pricing model I used was first developed based on free cash flow (based on the assumption of the company's sustainable operations). It was later further improved, adding a relative valuation method, and increasing the understanding of the company as a financing and investment subject. (i.e.: the company’s non-continuous operating role, but instead considers the company’s role as an investor). The current valuation model has developed to version 9.
■?Expand your information channels. Sources of information channels can be public media reports, industry associations, circles of friends, etc. Whether the certificate is CFA, FRM, PRM, etc., I personally feel that the greatest value is to screen people and set thresholds, and secondly, to increase information channels. As for the knowledge learned in the certificate certification, you still need to learn selectively. As you accumulate work experience, you may find that many standard theories are incompatible with practice, or that the game is not played at all. Another advantage of expanding your information circle is that many times you don’t need to be proficient in everything. If you can know who can solve a problem or what method can probably solve it, this is already a great advantage.