Improving on ERM’s Imperfections by Russ Banham

RIMS: First of all, congratulations on the RIMS award. The judging committee seemed particularly impressed by the emphasis on quantitative risk analysis. Can you elaborate on the value of this approach?

Sidorenko: : Thank you. Let me set the context first – the EuroChem Board is comprised of directors with extensive experience in mining, the fertilizer industry and banking. They understand risk very well. Many of the directors are used to the Basel standards for market, credit and liquidity risks that all global regulators use, and there is an expectation that the same stringent quantitative risk analysis approaches are applied to our decisions and risks. You can say the corporate motto is that no decision should be made based on guesses. Whatever can be quantified, should be quantified.

RIMS: Why was this appropriate for a fertilizer production and distribution company, which is not a financial business per se ? Was there some underlying factor driving this approach?

Sidorenko: Certainly, fertilizer prices have been historically very volatile, creating a lot of market risk that needs to be quantified and controlled. The industry is less mature compared to other, for example agricultural, commodities, and the market is not regulated. While fertilizers are commodities, they’re not yet tradeable as securities. The price fluctuations can be quite substantial creating cash flow risk.

RIMS: Can you provide an example of this?

Sidorenko: Sure. With COVID, some fertilizer prices skyrocketed, contributing to the reasons why (EuroChem’s) EBITDA nearly doubled from $831 million in H1 2020 to $1.6 billion in the first half of 2021.

RIMS: What goes up goes down, hopefully not as dramatically. In dealing with this market risk, are you finding that quantitative risk analysis is a more relevant approach than a qualitative risk analysis?

Sidorenko: Yes, the team responsible for market risk is quantifying our risk exposures on all our trading and distribution books, setting limits on how much risk is appropriate for the expected level of return that our Board wants to see. This is a positive step for a non-financial business to apply risk controls calculating the variances, allocating limits and stop losses on the trading based on our quantifiable risk appetite. We do the same thing for our credit risks, which are also managed using sophisticated mathematical models, not too dissimilar from the models applied in banks.

RIMS: You’ve previously commented on risk as a ‘resource allocation and controlling mechanism.’ Please elaborate.

Sidorenko: An analogy I like to use is that ‘risk’ is a limited resource that is not free. There’s a finite amount of this resource we call ‘risk’ available that the management is willing to allocate to different operations, plants, distribution, trading, and so on. Each of these entities is allocated this precious resource and must justify how much profit they intend to make from this resource. Once they approach the allocated amount, say $100 million of risk, they need to have a strong business case explaining why they should be reallocated additional risk, since it is a limited resource. Consequently, people are extremely careful how much risk they receive and use. For the privilege of using this resource called ‘risk,’ the company is implementing ‘risk charges,’ where a certain percentage is deducted from the entity’s P&L, incentivizing thoughtful risk management.

RIMS: I want to harken back to what you said about quantitative risk analysis as a decision-making tool, based on your comment that when something ‘can be quantified, should be quantified.’ What then is the value of human experience and knowledge in identifying, assessing and managing risk?

Sidorenko: Let me respond this way: For the past 100 years, multiple scientists in several fields, including at least three Nobel Prize winners in economics, have concluded that whenever humans make important decisions, they significantly underestimate and even ignore risks. This results in suboptimal decisions, as they are based on often wrong assumptions. One example closer to home is how risk managers make decisions on how much insurance is needed, how high the deductibles should be set, and the fair price for the risk transfer. Those are all completely quantifiable decisions, yet few organizations ever do that, and there is a tendency to rely on broker benchmarks and promises, almost a blind faith. If we continue to just use human judgments in making these decisions, we are pretty much guaranteed to make suboptimal choices or wrong ones, for example underinsure and overpay for the amount of risk transferred. I always joke: Low deductibles are for people who are bad at math.

RIMS: Is this your primary criticism of ERM; that it’s qualitative as opposed to reliant on scientific underpinnings?

Sidorenko: I think I can group my criticisms into two categories. On one side I am very alarmed that most of the best practices in ERM, the methodologies, the techniques, the principles have no foundation in scientific research, they are just unvalidated opinions or even worse, somebody’s sales pitches. In fact, many of the most common applications of risk management have been scientifically proved to increase error in judgement and lead to worse decisions than doing no risk management at all. Risk matrices or heat maps are a prime example of that. They have the scientific rigor of horoscopes. The second is that there is almost no feedback loop and accountability for risk managers. I can guarantee most organizations that claim to have amazing ERM have never back tested their risk analysis to determine if they actually destroyed corporate value or created it – or were just lucky by pure coincidence. Another huge issue is how risk analysis is disconnected from the actual decisions companies make.

RIMS: Do you believe that a risk manager’s decisions are overly reliant on ERM? Are too many risk professionals making wrong decisions based on assumptions that are inherently subjective?

Sidorenko: I have two messages to risk and insurance managers. The first one is that they have a duty of care to shareholders, and part of that duty is to realize that there is sufficient research suggesting some common practices don’t work and result in errors. The lack of quantitative risk analysis, for instance, can result in them paying double and triple for insurance. By contrast, we saved $13 million in insurance at our most recent policy renewals—a huge saving of 60 to 70 percent, by the way. We did that by understanding our risk profiles and quantifying them properly, by communicating with underwriters directly. And more importantly, we did that without increasing our deductibles or reducing the limits. The quality of coverages also improved.

RIMS: In a hardening insurance market, those are certainly impressive results. What’s your second message?

Sidorenko: It’s actually the more important message: Your company has more quantitative rigor and experience than you think. Treasury, for instance, has been managing financial risks like interest rates, foreign exchange, and credit and liquidity risks for ages. Strategy and investment teams have used scenario analyses and sensitivity analyses for years. Spend less time on techniques and approaches proven not to work and more time in transitioning to things that do work. If you think you don’t have the competencies, then reach out to learn from the parts of the business that do have them. There’s no excuse for not upskilling in decision science, probability theory and neuro economics. It’s the difference between astrology and astronomy.


RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.