The Precautionary Principle in the realm of risk management states that if an action or policy has a suspected possible risk of causing harm to the public, society at large or even to the extended environment; in the absence of scientific consensus that the action or policy is not harmful, the burden of proof that it will do no harm falls on those taking the action.

Under the Precautionary Principle the actor becomes responsible for acting and one would have thought that would be sane logic in a fair world. However, given the huge number of man-made risk management related calamities this world has recently endured and paid for through state funds, we clearly aren't inhabiting a world founded on principles of equity in precaution. The systemic melt down of the global financial sector and its subsequent bailout is a classic example of what we are talking about here. Privatizing profits and socializing losses goes directly against the grain of the Precautionary Principle.

Putting the Global Financial Crisis to the side for a moment because it does kind of fade into pale comparison when one considers the Fukushima fiasco and latest news emanating from Japanese authorities is beyond incredible. Apparently, the radioactive threat is so unstable for the region of Japan that these people are considering to build a wall of ice [LINK] around the entire nuclear site to save the environment beyond. Again we are drawn to operate in response to failings from ignoring the Precautionary Principle.

Which leads me to discuss a recent publication Alex Dali of the G31000 group drew my attention to.

The Logic of Risk Taking from Skin in the Game by the famous author, Nassim Taleb [LINK] is a wonderful piece of reading for risk managers and I recommend practitioners peruse and contemplate his brief.

The paper starts off with and maintains a discussion about ruin, a tail end position when represented mathematically or specifically in a parametric sense that is difficult to fathom for the bystander because it is so improbable ...

"Warren Buffet ~ anyone who survived in the risk taking business has a version of it: “In order to succeed, you must first survive.”

My own version writes Nassim Taleb has been to “never cross a river if it is on average four feet deep.” and the paper promises to deliver, which it does might I add: "the logic of risk taking and redefine rationality in accordance with it. A logic that is markedly different from standard logic. For instance: One may be risk loving yet completely averse to ruin, the central asymmetry of life."

What is important for risk managers to consider here is not that risk is entangled with opportunity or that all objectives are bundled with some kind of uncertainty which stakeholders may be adverse in taking, a place surpassing the limits of risk appetite. That is all too obvious and a story of risk management that was discovered centuries far ago. What the paper does deal with is beyond this 'normal end' or spectrum of decision making in the foreground of something uncertain. It contemplates the boundaries of where ruin begins, where it occurs as an outcome of event factor correlation and whether ruin actually has a place past death. Can there be something worse than your own end?

This may seem so simple and elementary that debating it will have some people believe that little can be yielded from such frivolities but I assure you quite the opposite is true. The majority of our man made systemic failures appears to be founded in an oversight of the extension of what is normal into the place of ruin, just as the Japanese are quickly discovering with the Fukushima catastrophe. Might I add, 'catastrophe' is a word the Japanese authorities seem to have an aversion in using when they describe their nuclear accident but then we can also see the Precautionary Principle has been violated in the lead up to the risk management of this specific event.

Let me drive home some horrible truths with risk management frameworks today which show they suffer from a similar lack of the Precautionary Principle, especially in the context of ruin where it matters most even though it doesn't matter that often. Many systems risk managers supposedly rely on each day are deeply flawed including; the risk heat map which over simplifies risk reporting, the assessment of risk without an understanding of what is material is also foolish. The averaging of exposure by multiplying the frequency of an assessed event with its associated magnitude is ridiculously trapped in the mundane or normal spectrum and finally, an avoidance to aggregate threats in risk reports and enterprise wide, leaves many institutions enterprise risk management systems susceptible to ruin.

The Structured Business Solution | Martin Davies on EVT [LINK]

Risk managers need to be able to dimension the scope of threats they face and develop structured business solutions for these uncertainties, similar to the example in the Extreme Value presentation shown on the slide above. What we see here is not average risk positions but a whole range of potential outcomes that have different targeted responses based on various limit thresholds that are being breached.

Risk Framework Elements

This again seems straightforward to comprehend but to reach this point of risk management maturity requires a substantial number of management framework components to be in place and integrated. Unique elements that allow risk managers to [1] capture and model data, [2] price risk premiums (a topic for great debate) to allow a suitable response to be selected, [3] the ability to assess the potential outcomes from uncertainty within specific objectives, [4] understanding where these idiosyncratic objectives break and how much uncertainty they can tolerate, all needs to be functioning. Then to finish up, [5] a portfolio of objectives needs to be assembled so that the combined effect of risk can be 'dimensioned'. Many businesses can suffer the idiosyncratic shock or the failure of a single objective but not a multitudinous collapse of many objectives through a narrow time horizon.

The thing is, I don't hear enough risk managers talking in this way. There are some that look for a place of zero risk which is a fantasy and many others focusing heavily on controlling small risks without considering how these risk factors combine to create a story of ruin.

Here are some questions to put forward to a risk manager to ascertain whether they have a grip on ruin:

1. Do you report risks in an aggregated fashion?

2. Do you measure risks in a parametric manner?

3. Do you know the constraints under your processes, products and operating environment or the levels of tolerance? ... Where are the limits?

4. Are you capturing data through time and monitoring these changes in Key Risk Indicators?

5. Have you stress tested this data using tools such as Monte Carlo along with Extreme Value Theory?

6. What is your policy response to catastrophe?

7. Do you have an idea on which factors may lead your entity to ruin?

8. How are you measuring and managing expected uncertainty?

If a risk manager is unable to answer these questions and evidence those answers, you are fragile to ruin.