While institutional investors may be quite aware of large and sudden “black swan” events – Covid, interest rate hikes and geopolitical turmoil – they are less ready for so-called “tail risks” that threaten market function in times of stress.
According to a PGIM survey of 400 senior investment decision-makers at institutions across Australia, China, Germany, Japan, the UK and the US, many investors are ill-prepared for risks that include a liquidity crunch in key capital markets and even risk-management complacency itself.
“Too often investors are surprised by things that in retrospect were staring them in the face,” said Shehriyar Antia, head of Thematic Research for PGIM, the global asset management business of Prudential Financial.
LACK OF PREPAREDNESS
“The pandemic, the Global Financial Crisis, the dot-com bubble — these events were all foreseeable to different degrees. Financial institutions must either game-plan for the unexpected, or expect to be blindsided.”
The survey found that while over half of large institutions -- $50 billion and above – actively monitor tail risks, only 3% have dedicated tail-risk managers. Less than a third, or 32%, had prepared specific risk response plans.
Offered a set of scenarios ranging from Eurozone country debt default to nuclear war, respondents were asked to identify their top three tail risks. These included (in order of importance):
- An unexpected liquidity crunch in key capital markets (US Treasuries, commodities, etc.) that results in a market crash. Respondents said a liquidity event in a “safe haven” like US Treasuries would likely have cascading effects that neither capital providers nor investors would be prepared for
- Geopolitical conflict in the Taiwan Strait or South China Sea. The research cites the Semiconductor Industry Association which estimates that if Taiwan semiconductor production were to shut down for a year, the cost in annual revenue to device makers worldwide would amount to $490 billion
- A cyberattack that disables a major financial platform or government agency for a significant period of time. Only 30% of respondents said they were prepared for such a major cyberattack — despite this being seen as one of the most likely tail risks to occur over the next three years
An executive at a major US cloud-based information security company told AsianInvestor that the sheer sophistication and prevalence of cyberattacks meant that corporations needed urgently to prioritise cyber threats in their routine risk assessments.
He identified ransomware attacks as the most brazen and cutting-edge on the spectrum of cyber threats and estimated that upwards of 20% of ransomware victims actually paid the ransom to regain access to their data.
“Ransomware was once a kind of single-threaded attack where they locked down your company, your application and your software until you paid a ransom,” he said. “Now it’s a double threat where not only have they locked down your systems but they’ve also taken your data.
“That’s customer data, employee data, vendor data, personally identifiable information or credit card numbers and they threaten to make it public unless they’re paid.”
The focus has also shifted from single company or corporate attacks to actually include the whole of an enterprise’s supply chain, he said.
“I think the interesting and scary ones are the cyber-attacks that hit the hundreds, and sometimes thousands, of companies connected with one organisation. You only have to look at recent ransomware attacks like JBS to see the scale of it,” he said, referring to the global meat processing company.
JBS Foods last year confirmed it paid the equivalent of $11 million in Bitcoin to a criminal gang to end a five-day cyber-attack that halted its operations around the world.
THE COMPLACENCY CHALLENGE
While investors acknowledged a variety of gaps in their investment risk monitoring – among them, the failure to detect risks early (36%) or react to them speedily (41%), or a simple inability to predict black swan events (36%) – most worrying was that nearly 3 in 10 identified risk management complacency as a key challenge.
According to a KPMG report entitled Ten Key Regulatory Challenges of 2022, global regulators are increasingly expecting risk and control functions to be part of continued business, operational, and technology change.
“The sense that ‘it cannot happen here’, the ‘third party owns that risk’ or ‘that’s the way we’ve always done it’ is unlikely to be a strong or sufficient risk stance and will be increasingly pressured by regulatory supervision and enforcement,” the report noted.
The PGIM research, meanwhile, found that institutional investors deployed three main approaches to monitor investment risk: holistic monitoring across asset classes (44%), regular risk scenario analysis (41%) and regular evaluation of the effectiveness of risk management processes (41%).
“The best insurance against such rare and complex events is taking a long-term view and diversifying portfolios,” said PGIM's Antia. “Active managers can build portfolio strategies that will protect investors in a variety of scenarios.”
Monitoring leverage, collateral arrangements, and liquidity positions through these shocks could help investors avoid becoming a forced seller while the event is unfolding, PGIM suggested.
When considering risks that are subject to extreme -- and potentially not diversifiable -- outcomes, investors should also consider stress testing as opposed to looking at traditional statistical measures that make assumptions which may not be realistic for some exposures, the firm advised.