Risk management occurs when an investor buys a low-risk government bond over a riskier corporate bond, when a fund manager hedges a currency exposure with derivatives, and when a bank performs a credit check on an individual before issuing credit. Stock brokers use financial instruments like options and futures, and money managers use strategies like portfolio and investment diversification to mitigate or effectively manage risk. Poor risk management includes lending mortgages to poor credit people, investment firms who bought, packaged, and resold these mortgages, and funds who invested excessively in the repackaged but still risky mortgage-backed securities. A typical example of a risk management metric is value at risk, or VAR. This calculates how bad it could get with a given level of confidence. So for example, with a 95% confidence, the most you could stand to lose on a $1,000 investment over two years is $200. Risk management can be innovative and predictive. Compliance looks at what's happening now and ticks a box, but risk managers look at the future. What might impact us? How might we mitigate it? How might we take advantage of it? As a consequence, these can be highly analytical roles. Compliance is different. It's all about box ticking and complying with current rules. Let's think about some broad risk categories. So macro market or systematic risks are unavoidable. For example, interest rate, FX, inflation risk. These can only be managed, e.g., by buying forward contracts and setting risk limits. Systematic industry risks can happen within the investment bank industry, e.g., Lehman Brothers collapsing and the impact on everyone else in the industry. Credit risk refers to the other side of a trade defaulting. In response, it's important to screen new clients regularly thereafter. Operational risk refers to human error, program malfunction, and fraud. This can be managed using training, clear responsibilities, technology, systems testing, et cetera.
