Bad actors, corporate greed, and misaligned incentives are taking their fair share of the blame for the
financial crisis—maybe even too much of the blame. Not everyone is a Bernard Madoff or a Jerome
Kerviel, and it’s unlikely that bad actors alone could have brought the global economy to a halt. Among
other causes, many people in the financial industry were trying to design innovative products that
would mitigate certain types of risk, and they inadvertently created risk elsewhere. Often this oc-
curred because their innovations interacted with other risks in unforeseen ways.
In an era of unconstrained computing power and ever more in the past and assume the world will behave similarly in the
sophisticated stochastic risk models, today’s best systems future, we can form an expectation about how risky events
failed to answer the basic question: How is it that, through will unfold. As long as the world behaves within the assumed
good or ill will, people had the opportunity to create risks bounds of uncertainty, we can assess the consequences of iden-
with such potent consequences? tifiable risk areas. This view of the world treats risk as an ag-
The creation of risk is a story that’s unfolding every day gregation of events with known uncertainties.
in every company. A vice president is about to act on bad Behavioral risk management, on the other hand, treats risk
information from her team. An analyst has misinterpreted emergence as a process that is much more fluid and continuous
the message in his data. A trader is trying to make up lost thanthe“event” viewsuggests. Thisframework first identifiesthe
ground from some deals that went wrong. This is a tale of interactions that produce key risk areas, identifies howthese risk
small, perhaps well-intentioned behaviors that threaten to areas will interact with other parts of an organization, and then
spin out of control. Even when all parties are doing what they outlines new risk areas that can arise from these interactions.
are supposed to be doing, the small flaws and imperfections This approach illustrates how good and bad outcomes ini-
that inevitably creep in can compound upon one another to tially form, rather than relying on statistical approximations
create undesirable consequences. that don’t always work—and sometimes fail when they’re most
The field of behavioral risk management is beginning to needed. These methods can even help existing statistical mod-
address the human factor behind how risk emerges. These els adapt to behavioral risk by continually updating assump-
tools will allow firms and regulators to manage behavioral tions and parameters based on the reality of behavior within
risk by catching and averting it as it is created. By contrast, the organization.
traditional models of risk management tend to oversimplify Concrete advances in social science, mathematics, and com-
the groupings of risk outcomes into homogeneous categories, puting are applied to these conceptual observations to create a
where the chances of good and bad outcomes are known, and robust methodology. This approach can be applied to any num-
simply react to the possibility of risk. The difference between ber of scales—from executives who want to drill down within
the two approaches is the difference bet ween chasing bad their business units to refine and implement strategic objectives
outcomes and trying to prevent them before they occur. to regulators and rating agencies that need to monitor an entire
industry to identify firms bordering on instability.
The human Factor A recent report by the Organisation of Economic Co-operation
Behavioral risk management is based on an intuitive observa- and Development, “Innovation in Country Risk Management,”
tion: Employees are making decisions of consequence at every is even urging countries to conduct this type of analysis on the
moment, and they may be doing it imperfectly. These decisions national and international level by taking account of interactions
are based on, and create, interactions with other employees (and between government departments, regulatory agencies, and the
their decisions). As the flow of information accelerates, so does private sector rather than viewing each in isolation. Another re-the number of interactions. Risk is the emergent property of all cent study by Swiss Re, “Scenario Analysis in Insurance,” finds
these complex interactions. The new approach to risk offers a that the insurance industry is increasingly, but still not fully,
conceptual framework that puts existing methods in context, adopting a similar perspective. With the Solvency II requirements
rather than scrapping them entirely, and evaluates risk from its on the horizon in the European Union, insurers will be faced with
stricter capital requirements, more scrutiny of quan-
attention to individual conduct.
titative risk assessments, and broader disclosure to
regulators. Behavioral modeling can help regulators
origins. This framework recognizes that companies are social and companies see eye to eye on how to apply these new rules.
structures full of people interacting with a generally aligned With a clearer picture of emerging risks, firms will better be able
purpose. Of course, the difficulty in pinpointing that “purpose” to verify to external parties that their capital levels are commen-
often obscures the best way of achieving desired outcomes. surate with their risk exposure. Regulatory changes in the finan-
Traditional risk analysis deals in probabilities of good and cial and banking industry are likely to follow the same themes and
bad outcomes. If we look at the frequency of these outcomes will need similar tools.