Causal Capital is hosting an advanced ERM masterclass in Dubai and we will demonstrate these models during that program [LINK].
A recent publication from the International Monetary Fund aimed at inspecting the overall fragility of the interconnected banking sector has Deutsche Bank at the centre of the Systemically Important Banks. When it comes to a network of threats, the entire banking system appears to be fragile to a handful of nodes and in this case, many of those roads for risk (edges) appear to lead to Deutsche Bank.
Fig 1 : Deutsche Bank, the heart of systemic risk | IMF [LINK]
The risk modelling approach the IMF have employed in this exercise is not new to the world of finance and portfolio analysts often investigate the interrelationships between assets in a portfolio of investments. The modeling difficulty with a portfolio of 'financial assets' is that the model of uncertainty itself suffers from the way in which the co-variant relationships change when systemic shock unfolds.
Away from finance, if we take a look at the fraternity of medicine, the combination of the presence of many factors is what usually drives survival rates for sick patients. A person’s end is often not down to one factor alone, notwithstanding the inherent genetic disposition of those infected can substantially modify the outcome. Amazingly some people do actually live through an Ebola infection ~ why patients' outcomes vary [LINK].
At an Enterprise Risk Level
Can we consider using these network structures to describe the interdepartmental fragility of an enterprise?
I believe we can, although it is very rare that systemic risk (fragility) is modeled by Enterprise Risk Managers in such a way.
In most cases the Enterprise Risk Management department will develop risk registries or if they are good at what they do, they will assist the business unit built these itineraries but this aside; risk registries generally only refer to the silo of risk being investigated and they are rarely connected to a risk taxonomy. You can test whether your ERM team have a grasp on systemic risk by asking them a couple of very simple questions, such as;
 What type of systemic shock scenarios do you model in your risk framework and
 What is the network of fragility in the enterprise to different risk scenarios.
Most good ERM teams can answer the first question but very few can logically or coherently address the second in a visual map but it doesn't have to be that way. I believe we can also utilize IMF type network maps in enterprise risk management.
Fig 2 : Establishing a Fragility Test in Enterprise Risk | Martin Davies
There are a few 'Structurally Directed Network Assessments' shown in fig 2 as the Directed Network Activity Layer (DNAL) that ERM practitioners can introduce into their overall risk assessment processes.
These DNALs identify current network dependencies that inherently drive fragility across a businesses and in a fully functioning or healthy company, these operating network dependencies will already exist and can be directly evidenced. That is the good news for risk managers and they need to see these DNALs not unlike the DNA structure in the cell of an animal except; this DNAL will furnish them the current coding for how departments may be impacted from a wide spectrum of catastrophic possibilities.
Let's walk through a hypothetical example to explain this very straightforward concept a little further.
Imagine you have a huge flood at a warehouse, there may be damage to assets in your warehouse just as you would expect but that is often not where the real commercial pain is felt, especially if the assets are already insured. Further into the supply chain of departments and knock-on effects, there may be impacts to logistics, the sales team and eventually accounts receivables and the cash flow of the firm.
[incident] >> [dep 1] >> [dep 2] >> [dep3] ... An alternate type of risk scenario may select a separate route of knock-on effects because its systemic shock path may be entirely different. So it carries on across a large array of ruin-like potential risks that management in your business have probably already identified in their risk registers.
When a single catastrophe occurs, often the biggest losses don't originate from the loss centre directly but are experienced as disruption across the internal network layer of the business, damaging the information flow between departments or introducing process latency further away and at locations adjacent to the incident site. A single risk incident in logistics may impact controls elsewhere in the business and there are plenty examples of this very situation.
"The fragility of the automotive supply chain has been highlighted by natural disasters, particularly in Asia over the past 18 months. Car makers are looking again at their supply chain strategies in the wake of the earthquake and tsunami in Japan and the massive floods in Thailand last year." | Toyota supply chain impacts Case Study [LINK]
Every business has unique points of fragility as we should accept and it is even possible that different business may react to the same set of causal risk factors in an alternate way and why not? ... If the DNAL supply chain coding isn't identical, why would the outcome be the same?
All this said, if a risk manager is able to interpret where a business is most fragile, they can prepare for specific event outcomes, they can also ensure that continuity responses are enabled before the shock occurs. That at the end of the day is resilience.
What we are attempting to do here is develop a network model of fragility, similar to our IMF study and in part II of this article, we are going to demonstrate how easy it is to model the DNAL structure of any business. We will also show how easy it is to read the resulting Systemic Risk Fragility Diagram.