During the pause of a Risk Management conference, a professional risk manager, an accountant and an actuary were in the gents room standing at the urinals. The risk manager, who finished first, walked over to the sink to wash his hands. He then proceeded to dry his hands very carefully. He used paper towel after paper towel to ensure that every single spot of water on his hands was dried. Turning to the accountant and actuary, he said, "We risk managers are trained to be extremely thorough to prevent any risk at all."

Then the accountant finished his task at the urinal and proceeded to wash his hands. He used a 'single paper towel' and made sure that he dried his hands using every available portion of the paper towel. He turned and said, "We accountants are not only trained to be extremely thorough in preventing risk, but we are also trained to be extremely efficient in managing and controlling risk as well."

Finally the actuary finished and walked straight for the door, shouting over his shoulder, "We actuaries, we never get our hands dirty"


Links:
- If people think other people are watching them, then they are more likely to wash hands

Never heard of of Soft-Risk Management? After this blog you'll never forget!

Google
This month Google's world class co-founders Page and Brin announced (SEC filing) they'll sell 17% of their shares (at today’s prices valued at $5.5 billion) in the next five years.

As a consequence their voting rights will be reduced to 48%, implicating they will no longer have a majority control. “They are both as committed as ever to Google...”, Google said in an e-mailed statement.
Why this statement? Was there anyone who doubted this?

Of course Google is still and will hopefully stay a strong company and a strong brand. Nevertheless - without jumping the conclusions - it's clear that this low-key announcement, although it doesn't seem to have any direct financial consequences, might turn out to be the straw that breaks the camel's back in Google's life cycle development. This kind of company press release is in fact a 'disguised risk indicator', or in other words a :

Soft-Risk Indicator (SRI)

A SRI may be defined as 'knowable' information about a company, that could influence the company's value now or in the future , but doesn't seem to have enough (financial) power to do so now or on its own

Although just one ignored SRI could already be fatal, a combination of two or more SRIs could become a severe risk. A bunch of SRIs could create a chain reaction and lead to a kind of supernova explosion.
It's just like a grain dust explosion. A few grains are no risk, they don't explode. However in an accumulation of grains, one innocent 'hot' grain or a small environmental change in dust concentration, is enough to create a mega explosion. Just like grain dust, SRIs can become a severe risk when the environment (suddenly) changes.
Consequently, an out of the blue 'change of environment' is also a Soft-Ris Indicator on its own.

Don't mix up Soft-Risk with Systemic Risk. Dust particles don't directly 'participate' in one another, in fact they build up to a certain critical density. Soft Risk Loss
SRL = E( SRI_i=1,2..n )It's just the composition of SRIs in combination with the special SRI of 'the change in environment' that creates a major accumulated (explosion) Soft-Risk that may eventually result in a Soft Risk Loss (SRL). However, once the SRL has occurred and has been measured, the corresponding SRI becomes a 'normal' Risk parameter.

Are there more Google SRIs?
Yes! One of the best Soft-Risk Indicator blogs of 2009 is written by Googles leaving lead visual designer Doug Bowman, it's called:


Please read the next extract of Bowman's blog from a risk management perspective, as he explains his decision to leave Google after three years.

Goodbye, Google

Without a person at (or near) the helm who thoroughly understands the principles and elements of Design, a company eventually runs out of reasons for design decisions. With every new design decision, critics cry foul. Without conviction, doubt creeps in. Instincts fail. “Is this the right move?” When a company is filled with engineers, it turns to engineering to solve problems. Reduce each decision to a simple logic problem. Remove all subjectivity and just look at the data. Data in your favor? Ok, launch it. Data shows negative effects? Back to the drawing board. And that data eventually becomes a crutch for every decision, paralyzing the company and preventing it from making any daring design decisions.

Yes, it’s true that a team at Google couldn’t decide between two blues, so they’re testing 41 shades between each blue to see which one performs better. I had a recent debate over whether a border should be 3, 4 or 5 pixels wide, and was asked to prove my case. I can’t operate in an environment like that. I’ve grown tired of debating such minuscule design decisions. There are more exciting design problems in this world to tackle.

I can’t fault Google for this reliance on data. And I can’t exactly point to financial failure or a shrinking number of users to prove it has done anything wrong. Billions of shareholder dollars are at stake. The company has millions of users around the world to please. That’s no easy task. Google has momentum, and its leadership found a path that works very well. When I joined, I thought there was potential to help the company change course in its design direction. But I learned that Google had set its course long before I arrived. Google was a massive aircraft carrier, and I was just a small dinghy trying to push it a few degrees North.

I’m thankful for the opportunity I had to work at Google. I learned more than I thought I would. I’ll miss the free food. I’ll miss the occasional massage. I’ll miss the authors, politicians, and celebrities that come to speak or perform. I’ll miss early chances to play with cool toys before they’re released to the public. Most of all, I’ll miss working with the incredibly smart and talented people I got to know there. But I won’t miss a design philosophy that lives or dies strictly by the sword of data.

The resemblance between Google and the financial sector is striking.
Can you see it?

Simply replace the next words in the above 'Google, Goodbye' article:
To help you, just press the next 'replace button' to change the text in the article and read the text again. This looks astonishing familiar, doesn't it?


More Soft-Risk Indicators
Bowman's blog makes clear that there's another Soft-Risk Indicator, called:

Data Decision Tunnel Vision

• Every decision in only based on data and models.
• Intuition and Fingerspitzengefühl are banned.
• Craftsmanship is not respected, but must be proved in detail with evidence based on facts and data.
• Possible events that can't be translated into (financial) data are not recognized as risk and are ignored.
• Events that don't fit into the data model are reformed until they do fit in
• Micro management confines the development of a helicopter view on the main risks

Although the list of Soft-Risk Indicators is endless, I'll try to list some common examples (mail me if you have more SRIs examples).

Examples of SRIs

• Frequent or unexpected change of CEO or other board members
• Unexplainable or untimely Actuary or Accountant change
• Intentions of board members not in line with policy
• Too good to be true revenues, profits, reporting or communication
• Delay in reporting or publishing
• Lack of transparency
  
• Conflicting statements or publications
• Main (unexplainable) shareholder changes
• Over-explaining by board members
  
• Unexpected main reallocation of assets
• Vacancy or Recruitment stop; Reorganizations
• A company takes extremely more risk after a HQ-Risk Analysis
• Increasing customer dissatisfaction
  

Soft-Risk or Risk?
Most of the SRIs are not present or recognized as Risk in our models. Why? Simply because SRI losses are not in the data we analyze. This could be (1) because of the very low occurrence probability of a SRI loss (the loss simply didn't occur yet), or (2) because most of the SRIs aren't identified as SRI or Risk at all, as they simply do not exist yet. Just like a sleeping virus, they might come into Risk Existence on basis of (unknown) future (environmental) changes.

The key difference between 'Risk as we now it' and a SRI is that a SRI is by definition 'not measurable'. SRIs manifest themselves directly in practice as a (non-directly traceable) loss occurrence.

VaR Models fail
This also implicates that our traditional VaR models are definitely wrong, because they only include 'risks of the past' en no 'future risks', e.g. Soft-Risks. These VaR-models significantly underestimate the risk in the tail.
Problem is that as VaR-probabilities are getting smaller and smaller (0.5% or less) it also gets increasingly more difficult to prove the models are right. Consequently the VaR-model loses his power.
Backtesting and recent studies show that we ought to be able to identify most bad VaR models, but the worrying issue is that we can't find any good models, moreover because SRIs are not in the model.

Denying Soft-Risk Indicators: The Meltdown
You might think 'Who cares about SRIs if you can't measure them?". Well, let's see what happens if we deny Soft Risk Indicators.

The most likely dead-end meltdown scenario of denying Soft-Risk Indicators goes something like this:

• The first years of a company's life is a race for revenues. Risk Management is on the second plan, as there's little to lose.
  
• After a few years revenues and profits grow, but become vulnerable and volatile. A new Board is appointed and a Risk Management Plan (RMP) comes in place to stabilize and improve results and to guarantee continuity.
• After the RMP has shown fantastic results for some years, some strange unexpected serials of events (SRIs) happen. The Board consciously discusses the effects of these events and concludes their company's results are not infected by the events. Moreover, company results are better than ever and the company's RMP has proven to be (Titanic) watertight.
  
• To be sure and transparent the Board checks its conclusions by ordering an external risk audit. The external auditor is just as biased as the Board and confirms the Board's conclusions: RMP is O.K.!
  
• Suddenly there's a totally unexpected big accident, a substantial one of loss. At first things still look under control, but soon the situation takes over. The board is no more in control. The company is lost.
  
• Soon all stakeholders are flabbergasted. How could this happen?!

Well it's clear, what happened is that the Board misinterpreted and neglected early warning signs and SRIs, resulting in a company meltdown.

How to prevent a melt down?
To prevent a situation like the one above, the board should

1. Set up a SRI-Register
   
2. Order the RM-Department to include SRIs in their risk model
3. Discuss the integral SRI-register monthly in the Board meeting
4. Interprete the SRIs, and take proactive actions to prevent the SRIs from becoming critical. This is Board's Craftsmanship!

As continuity is a company's main goal, managing uncertainty is the Board's main responsibility.

Redefining Risk
Once we realize that Soft-Risks are crucial in Risk Management, how can we include them in our Integral Risk Model (IRM)?
First we'll have to redefine Integral Risk as follows:

(1) I-Risk = Integral Risk = Measurable Risk + Unmeasurable Risk
(2) I-Risk = Integral Risk = Hard Risk + Soft Risk
(3) I-Risk = ∑( Threat_j x Vulnerabilityj x Cost_j ) +∑ E(SRI_i=1,2..n)

Keep in mind that the Integral Risk is not a number, as the SRL is not measurable. If you can't force your brain to 'quantum think' this way, just imagine the Integral Risk as the total company value (at stake).

Cleaning up
First 'cleaning up' action we can do is to investigate the relationship (correlation, covariance matrix, etc.) between each past assumed Soft-Risk event and the Vulnerability of each Hard Risk event. This tells us probably something of the influence (correlation) of certain (combination of) SRIs on the traditional Hard Risk parameters.

Probably this research will show that some of the SRIs could even be defined as Hard Risk variables. Unfortunately this investigation - as explained -won't tell us anything about the real unmeasurable Soft-Risks. The problem remains.....

Managing Soft-Risk
The real main problem is : If you can't measure Soft-Risk, how can you be sure your 'Soft-Risk Management' (SRM) is successful, as you can't measure the effects of your actions either?

This seems to be an insolvable problem. Insolvable because of what Bowman in fact calls our 'mono data mind set'. We are not trained in taking decisions without data. As we are not trained, we become unsure. Unsure about the risk of the impact of our decision, that is unmeasurable as well. Full circle, we're back where we started.

However, there's a way out of this paradox, it's called


Before we dive deep, let's first take a step back and have a look at two important actual developments, (1) the Global Warming Problem and (2) Solvency II.

(1) Global Warming Problem
During recent decades scientists have developed different global warming models that contradict each other. The real climate is far too complex to be modelled. We could spend millions of dollars on research to find the ideal model, we will never succeed!

Step by step the leaders of this world recognize that they'll have to manage the global warming in a different way. It's no longer important whether or not there exists a provable global warming problem. The main question is whether we are willing to live up to the principle: "You don't foul your own nest"

This way of principle-based thinking requires reflection on the level of 'spaceship earth', on a 'global' level. However, simultaneously, it urges for acting in line on a 'local' level.

Although related with The Precautionary Principle, Principle Based Risk Management is much more fundamental. It's an adequate tool for fighting Soft-Risks.

(2) Solvency II
In our aim to strengthen the insurance industry solvency, implementation of Solvency II bears the a risk of an overshoot. Instead of managing risks first and in a better way, we translate every risk into capital requirements, consequently increasing the cost of doing business and insurance premiums. It's the perfect example of putting the cart before the horse. Although we expect Solvency II measures to work out in a better solvency, in reality we don't know, as this 'capital-increase scenario' hasn't been tested before and can't be tested. The presumed positive effect could just as well be adverse.

In our aim to avoid risk, we've created another additional risk. A risk we can't measure (yet). Yes, unfortunately, Solvency II is a SRI as well.

Instead of making Solvency II obligatory, a far more effective Principle Based response from the Regulator would have been:


Back to Soft-Risk Management
It's not that difficult managing Soft Risks Principle Based. In fact we all have experience with Soft Risk Principle Based decisions when we decided to have friendship, marry, or to have a child. Or did you calculate the 'lifetime present value' of your child?

Try to apply the above principles in your own company or in your own department. Just start by investigating your Soft-Risk Indicators and start managing soft and hard risks Principle Based.

What principles can we formulate to manage Soft-Risk?

Well actuarial folks.... that's food for another blog as this blog is getting far too long..... O.K. .... I wont keep you waiting, just one Principle Based one-liner that tackles a whole bunch of SRIs at once


Related (additional) Sources:
- Unmeasurable measures: The lawlessness of great numbers
- The Risk Equation
- An Additional Way of Thinking... :The Quantum Perspective
- From Principle Based Risk Management to Solvency Requirements
- Measuring the unmeasurable
- Managing Extraordinary Risk (2009, Towers Perrin)
- Measuring the Unmeasurable: Balanced Scorecard
- NYT: Risk Mismanagement
- Backtesting Value-at-Risk Models (2009)
- Quality control of risk measures: backtesting VAR models
- Metrics: Overmeasuring Our Way to Management

Happy new year! At the start of 2010 let's have some 'serious fun' with the next


Three actuaries and three accountants are traveling by train to visit a 'Risk Management Conference'. At the station, the three accountants each buy tickets and watch as the three actuaries buy only a single ticket.

"This looks very risky. How are three people going to travel on only one ticket?", one of the accountants asks.

"Watch and you'll see! Take notice of our brand new risk management approach", one of the actuaries answers.

They all board the train. The accountants take their respective first class seats, but all three actuaries cram into a restroom and close the door behind them.

Shortly after the train has departed, the conductor comes around collecting tickets. He knocks on the restroom door and says, "Ticket, please." The door opens just a crack and a single arm emerges with a ticket in hand. The conductor takes it and moves on.

The accountants were deeply impressed by the actuarial approach and agreed it was - after all - quite a clever idea without any substantial risk.

So, completely confident and with even more Risk Management skills gained at the inspiring Conference, the accountants decide to copy the actuaries new risk approach on the return trip and save some money (accountants have always been clever with money!). When they get to the station they buy a single ticket for the return trip.

To their astonishment, this time the actuaries don't buy a ticket at all. "This is reckless, how are you going to travel without a single ticket?", one of the perplexed accountants asked. "Watch and you'll see! Take full notice of our latest risk management approach" answered an actuary.

When they board the train the three accountants cram into a restroom and the three actuaries cram into another one nearby. The train departs.

Stop
Here the story stops for a moment. Let's find out if you qualify as a Actuary Risk Manager (ARM) or - otherwise - could better have become an accountant.

Can you finish the story? What was the alternative Risk management Plan of the actuaries?

Just check the next box (or go to the original Actuary-Info Blog site) to find the right answer.......

Solution



Conclusions
What conclusions can we draw from this simple story?

• Risk Management is a game without end
  
  
• The effect of Risk Management Conferences is threefold:
  
  1. Some attendants get smarter
  2. Others get overconfident
  3. Final result: Increasing Risk, instead of decreasing Risk
  
  
• There's an old Dutch saying that expresses the danger of increased Risk Management :
  
  
  "A warned man counts for two"
  
  
  
• If we want to reap the fruits of Risk Management, accountants and actuaries have to start working together, instead of struggling and competing each other.
  
  
• Risk Manager Profile and qualifications
  Insight, creativity and integrity are important requirements to become a professional Risk Manager. Unfortunately, this is not enough.
  
  To tackle Risk Management in a company, you need the best potential crook around. One who's willing to settle his salary and earnings for a little less than he would have earned as a real crook, in return for having a respectable job and not risking to end up in jail. You could call it the Personal Risk management of the Risk manager. Employers that settle for an inferior Risk Manager, know one thing for sure: someday somebody more 'crooky' than 'your risk manager' will tear your company down!

With some humor, we've gained new insights in the challenging world of Risk Management. Anyway, a Happy & Healthy 2010 !

In a very simplified model (Pensions Dynamics, PPT), professor of investment strategy, Alan White, concludes that defined benefit pension plans probably cannot succeed on the long term.

Death Spiral
White shows that every pension fund with a non risk-free asset approach, will eventually encounter a “Death Spiral” which will lead to the collapse of the fund. The only solutions are:

• Raising contribution rates
• Lowering promised pension benefits.

Assumptions
All conclusions are based on the next summarized main assumptions:

• Compensation growth: 2% per year
• Pension contribution: 15% of yearly compensation
• Yearly retirement income objective: 70% of his final salary
• Risk-free rate of interest is 3%;Risk premium on the risky assets: 3%
• Annual volatility of the risky assets: 15%
• Time horizon: 100-year
• Risky Assets investment part : 60% of the portfolio
• Corresponding final pay pension defined as 20 year annuity
• Required minimum average Pension Fund asset value in steady state
  - at 3% return: €/$ 47,200
  - at 6% return: €/$ 23,600

Frequency Distribution Outcome
One of the most striking outcomes of this study is the fact that as we look farther in to the future of the simulated pension fund, the amplitude of the frequency distribution of asset values appears to be dropping to zero. The chance that (average) asset values will be between $10,000 and $100,000 gets smaller and smaller.

The reason for this is that the probability of very high asset values and the probability of entering a collapsed state (the collapsed funds are not shown in the next figure) both increase as we expand out time horizon. As a result the probability that assets remain in the intermediate interval, is reduced.

Another interesting facts are:

• Asset values appear to become more sustainable as the part 'risky assets' increases
• Collapse rates for growing pension funds are, (almost) independently of the asset mix, negligible.
• Collapse rates for more mature (steady state) pension funds are substantial and increase to deadly percentages as the time horizon increases from 50 to 100 years.

Remarks
Although Whites model is perhaps oversimplified and can be easily criticized, it clearly shows the essential principles of running a pension fund.

In a commentary, Rob Bauer (ABP, University of Maastricht) argues White's conclusions. Nevertheless, interesting stuff, that stimulates actuarial insight.

Links
Interesting corresponding links:

• Longer Horizons Can Handle Riskier Holdings
• Stochastic Interest rate models (2008)
• The calculus of retirement income

One of the interesting aspects of the Chinese language is that words are like little pictures, pictograms or logographs, the so called 'characters'. Moreover, some words are a combination, or (better) a superposition, of several of those characters.

So the meaning of a Chinese word can be deducted by interpretation of the pictograms and relating them. And, as the saying is "A picture is worth a thousand words", you don't need to be an actuary to calculate the enormous expression-power of the Chinese language. Every word is like a book of words and expresses not only the rational meaning but also the embodied feeling (mood) that goes along with the the formal meaning.

The power of the Chinese language can be illustrated by three simple examples, the Chinese words for Actuary, Computer and Crisis:

1. Actuary
The Chinese word for Actuary is :精算师

Pronunciation: jing suan shyr

The Chinese word Actuary consists of three characters:

1. Jing, 精, means Skilled or Elite
2. Suàn, 算, means 'to calculate' or 'to count'
3. Shyr, 师, a suffix meaning 'a profession of' or a skilled or 'qualified practitioner of certain professions'

So, as a consequence, a stripped and therefore 'shortcoming' translation of the Chinese word for actuary would be: 'a skilled and qualified calculator'

Sources: Masteringmandarin, Translation, Wei Liu Dictionary,
Actuary Translated: A statistician who computes insurance risks and premiums.

2. Computer
The pictogram on the right means "computer" in Chinese. Actually, it consists of two characters that literally mean "Electric Brain", which the Chinese read as "computer".

However, as you may notice, the two main characters each exist of several sub-characters that also contribute and add meaning to the word 'Computer'.

Source, and more info at: Ebrain


3. Crisis
With the current credit crisis ( 信贷危机 xìndài wēijī) in mind, let's look at the Chinese word for 'crisis'. It consists of two characters




So in Chinese crisis means something like

Crisis = Danger + Opportunity

Let's apply this to daily business life.

No matter how great the danger in a crisis is, it also means a change of circumstances that creates space for new opportunities. It's an art to spot those opportunities when you're in the middle of a crisis.

But what if you're caught in a storm crisis:





Golden Rules Crisis Risk Management
In terms of risk management: If you're caught in the storm (trouble) and can't get out, don't try to. Try to get to the eye of the storm, where it's calm.

So when you're in the middle of a (credit) crisis :

• Don't run
• Set time still (Let time do the work)
• Keep your head together
• Wait for the opportunity, no matter how hard it is or how long it takes
  

Some more tips on how to behave in crisis situations you'll find on



APPROACHING A CONFLICT SITUATION

Let's be humble and take a look at home. The home of actuaries, accountants and last but not least 'quants'.

Gewußt oder nicht gewußt?
Actuaries and accountants have failed in foreseeing the credit crisis. Together, we have greatly underestimated the developments and put our head in the sand. We've also failed to bring the emerging crisis to a possible end through enhanced cooperation with each other or by sending out common strong signals. In short: "Wir haben es nicht gewußt!"

Without an adequate technical substantiation, we have trusted business plans promising ROEs of 15% and more. This, while we all know that the average risk-free rate is still about 10% below this level and that such high returns can certainly not be made without taking additional risk.

VaR Model
As an article in The Actuary shows, we got intimidated and overruled by the quants with their Value at Risk (VaR) models. The consequences of the advices of these magic mathematicians and their VaR models are well explained in an excellent article called 'Risk Mismanagement' in the New York Times.

In another article, Global Association of Risk Professionals Review, David Einhorn explains:

VaR ignores what happens in the tails.

It specifically cuts them off.
A 99% VaR calculation does not evaluate what happens in the last 1%.

This makes VaR relatively useless as a riskmanagement tool and potentially catastrophic when its use creates a false sense of security among senior managers and watchdogs. " Quote:

VaR is like an airbag that works all the time,
except when you have a car accident

Also, according to Bloomberg, the risk-taking VaR model is broken and everyone is coming to the realization that no formula or rating system can substitute for old-fashioned 'due diligence'.

Quantum mechanics
Because of the complexity of these new VaR-like models, experienced actuaries, accountants, managers and supervisors were all afraid to ask deeper questions or to admit that they didn't totally understood these complex models that were presented as 'simple manageable board instruments' with 'simple steering parameters'. Just like nobody is eager to admit that 'quantum mechanics' is hard to understand and therefor every amateur quantum guru can say what he wants, because nobody checks it.

Consequences
This way, indirect and by our advice and our models, CEOs and CFOs of large companies and pension funds got the (wrong) impression that 'complex financial markets' were based on 'a sound statistical model', where (annual) deficit risks of 2.5%, 0.5% or 0.1% are exactly calculable and moreover also acceptable.

Whatever, lessons learned, new opportunities for actuaries to set a new benchmark for '21 century riskmanagement'.

However..., stay careful, to catch a tiger by the tail is risky!

We all know Risk Management is key in our business.


Yet, almost all risk models (e.g. Coso) emphasize mainly on known or knowable risks.



Of course, as we could have seen in the 2008 credit crisis, the art of Risk management is in managing the unknown or unknowable risks.

But how?


Let's try to learn from two main major accidents:

I. The Challenger shuttle disaster (1986)
The accident was caused by failing O-Rings. Warnings of many engineers were overruled and ignored. This crash was the consequence of a typical effect called GROUPTHINK. Groups naturally look for consensus and will often come up with a false consensus, even when individual members disagree.
Watch a video of the space shuttle Challenger disaster that illustrates this GROUPTHINK phenomenon.

Other examples are the Columbia shuttle disaster and the 9/11 attacks. In all cases Management failed because the information suggesting a disaster was weakly transmitted within an bureaucratic system, and managers failed to authorize action because of bad communication and performance or time pressure.

II. The 2008 credit crisis

• Underestimating early signals
  The first indication of the coming credit crisis was the collapse of Enron in 2003, uncovered by whistleblower Sherron Watkins.
  
  After the collapse, the FED refused to come out with new 'rules based' guidelines . A Senate investigation showed that - starting already in 2000 - some major U.S. financial institutions had "deliberately misused structured finance techniques". But the Fed and the SEC underestimated the situation, kept to their 'principles based' system and consequently missed the opportunity to to flex their muscle by regulating market conditions for subprime mortgages.
  
  Lesson: It's not about 'rules OR principles', Football Or Soccer, but it's about 'Rules AND Principles'.
  
  

• Mixed Central Banks (FED) responsibilities
  Central Banks, The Fed in particular, have at the same time two main responsibilities with regard to (other) financial institutions:
  1. Supervision
  2. Providing financial (banking) services
  
  Those two functions clearly conflict with each other. It's impossible to independently supervise the financial company you're financing at the same time. Supervisory advises will be suspicious by definition.
  
  Secondly you can't supervise yourself as central bank. Therefore, every country needs an independent (that is 'without central bank board members'), professional supervisory board, that audits and supervises the central bank and the national bailout plan(s).
  
  
• Whistleblowers
  How could the credit crisis technically happen?
  Not an official, but a more outside kind of whistleblower, businessman Warren Buffet, warns in a 2003 BBC article that “Derivatives are financial weapons of mass destruction and contracts devised by madmen". The financial world isn't listening.
  
  Derivatives like Collateralised Debt Obligations (CDO's,) were developed to (re)fund the subprime loans. CDO's are packaged portfolios of credit risk, made up from different sliced and diced loans and bonds. They were hard to uncover without a whistleblower. At last an anonymous banker e-mails journalist Gillian Tett of the Financial Times about the situation. Only after she publices early 2007 what's wrong, the dices start rolling. This case also stresses the important role of journalism and whistleblowers in our aim for a healthy transparent financial market.
  
  
• The Greed Game
  One can argue about the roots of the credit crisis. However, essential in the 2008 credit crisis were, or still are, the excessive remuneration practices at private equity companies, hedge funds and banks. They encouraged unhealthy and excessive risk-taking. Key is the lack of balance between possible earnings and possible losses of board members.
  
  To prevent unhealthy pressure management (with groupthink effects), board members' total rewards should always be in line with the long term realized added value of the company and not be based on yearly P&L profits or short term added value.
  

Manage the unknown risks
Risk Management is not a static, but a dynamic process.

To gain and behold control of the unknown risks, it's necessary to create a transparent organization and company-process that guarantees whistleblowers' and whisperers' (= whistleblowers, that wish to stay anonymous) safety and encourages and even rewards compliance reports from employees, clients or any other stakeholders.

Because of GROUPTHINK and - on the other hand - possible negative employee outcomes (demotion, dismissal, etc) in case a reported compliance issue turns out to be compliant after all, it's important that whistleblowers are always given the opportunity to report directly, anonymously and safely to the independent federal Supervisor. Employees must have the choice to report internal within their company (small compliance matters) or to report directly to the federal Supervisory board.

Conclusions

• Separate the Supervisory and Financial Services functions of the central banks (FED)
  
  
• Redesign whistleblowers management
  Whistleblowers should have the opportunity to report compliance issues directly and anonimously to an independent federal Supervisory board.
  
  Whistleblowers that choose to report within a company, should always directly reporte to the compliance officer, the executive board and the supervisory board. On top of this they should always, especially in case of discharge, dismissal or demotion, have the right to escalate to the federal Supervisor.
  
  
• Change supervisory procedures and criteria
  Approval of (company) board members by the federal Supervisor should als be based upon:
  
  1. The 'ethical track record' of a candidate
  2. The feasibility of, in macro economic perspective, "realistic and balanced" board member performance parameters.
     
     The federal Supervisor should audit and approve the existence of a consistent 'company reward plan' that guarantees a sound and measurable balance between long term company results and board member rewards.
     
     CEO's that haven't established measurable long term added value for their company, shouldn't receive any bonus or golden parachute at all.