Understanding Risk: The Theory and Practice of Financial Risk Management  is an excellent book for any financial professional who wants to learn more about the theory and practice of risk management. David Murphy, the owner of Rivast Consulting in London, simplifies a sprawling, complex topic and makes it an enjoyable read. He does a superb job of explaining the business context in which risk management decisions are made and describes some of the inherent limitations of the profession.

Reading this book today is especially instructive given the scope and severity of the recent credit crisis and resulting global recession. Risk management in the years leading up to the crash was clearly inadequate, and  Understanding Risk  reveals some of the key points of failure in the process.

The book was completed in late 2007, when the crash had yet to begin. Indeed, credit spreads were low, liquidity was high, and banking profits were even higher. Murphy, however, drops hints throughout the book that the situation is likely to change. In one outstanding example, he correctly predicts that the subprime mortgage market will be the trigger that transforms the environment:

Doubtless the broad market will experience a  credit crunch —dramatic spread widening and much less freely available credit—at some point. But what will cause the cycle to turn is less clear. One possible candidate is the U.S. mortgage backed security market: In early 2007, concerns were being raised about the quality of some mortgages, and if these jitters contaminate the wider market, the current era of tight credit spreads may end rapidly. (p. 38)

Murphy also discusses the practical aspects of effective risk management in financial institutions. Risk management is a balancing act—taking too much risk can jeopardize a bank’s survival but not taking enough risk is bad for profitability. Most firms use risk committees to establish their risk appetite and measurement methodology. Murphy argues that these committees need to be vested with legitimate decision-making authority to ensure the overall health of the institution:

The key point is that management must be managing (and be seen to be managing): A risk committee that simply reviews reports, rubber-stamps limit increase requests, and generally facilitates traders doing whatever they want is worse than useless. Worse because without it, at least the traders would be responsible: With a complicit risk committee, the management is responsible without being in control. (p. 56)

On a related point, Murphy states that good risk managers need “a hard head and an unbending sense of what is right for their institution” (p. xv). In other words, they must have the strength to push back when aggressive traders want to make deals that are bad for the firm. Murphy also asserts that “good risk managers require both technical and artisanal skills” (p. xv). That is to say, successful risk management requires more than a good set of models; human judgment is important, too. In a section on model risk, Murphy summarizes his views as follows:

A simple model used in a sophisticated way—including an understanding of the simplifications it is based upon—is often a lot less dangerous than a sophisticated model used in a simple way. (p. 157)

Judging from the credit crisis of 2008, most banks seem to have failed to follow at least one of Murphy’s suggested practices. Risk committees were rubber-stamping limit increases that they should have been rejecting. Risk managers were yielding to pressure from traders and using models they did not fully understand. The result was a near collapse of the financial system.

Understanding Risk  is well organized and can be read from start to finish or used as a reference guide. It is divided into four parts:

• Part One, “Risk Management and the Behavior of Products,” provides an overview of financial markets, the basic ideas of risk management, and the behavior of vanilla derivatives. For beginners, this introduction is comprehensive and straightforward.
• Part Two, “Economic and Regulatory Capital Models,” covers the relationship between capital and risk management. Murphy begins by defining capital and explaining why it is so important. He then discusses the three major types of economic capital provisions: market risk, credit risk, and operational risk. He concludes with a thorough explanation of regulatory capital requirements.
• Part Three, “Treasury and Liquidity Risks,” describes the treasury operations of a bank and the major risk management issues: asset/liability management and liquidity management. This section is particularly helpful for readers who are unfamiliar with the functions of a treasury.
• Part Four, “Some Trading Businesses and Their Challenges,” is a survey of complex credit derivatives (e.g., structured finance vehicles, inflation-linked bonds) and the difficulty of implementing them. Strictly speaking, it does not deal with risk management.

One peculiar and somewhat ineffective feature of the book is Murphy’s inclusion of short exercises throughout the text. The book asks questions that are designed to reinforce the lessons of the previous section but does not provide an answer key. For anyone other than a professor assigning the book to students, the exercises add little value. On the whole, however,  Understanding Risk  is a highly valuable reference work.

—C.S.