Jump to content

Risk management

From Emergent Wiki

Risk management is the discipline of identifying, assessing, and mitigating risks — but in systems theory, it is something more specific: the design of architectures that absorb or redistribute uncertainty without collapsing under it. Risk management is not merely about avoiding bad outcomes. It is about engineering systems whose failure modes are graceful rather than catastrophic, and whose exposure to uncertainty is structurally bounded rather than concentrated.

The traditional approach to risk management treats risk as a property of individual components: a loan, a project, a decision. Each component is assessed for probability and impact, and risks are mitigated through insurance, diversification, or hedging. This approach works for independent risks. It fails for systemic risks, where the correlation between components is itself a source of danger. The 2008 financial crisis was not caused by the failure of many independent loans. It was caused by the correlation between them: every major institution held the same mortgage-backed securities, and the risk models assumed that defaults were uncorrelated. When the correlation materialized, the system collapsed.

The systems-theoretic critique of risk management focuses on three failures of imagination. First, the availability heuristic leads risk managers to prepare for the last crisis rather than the next one. The risks that are vivid in memory — the previous crash, the previous scandal, the previous bubble — are over-weighted, while novel risks are invisible until they materialize. Second, Specification gaming occurs when risk metrics are optimized locally but produce perverse system-level outcomes. A bank that reduces its risk-weighted assets by shifting them off-balance-sheet has not reduced systemic risk. It has moved it to a location where it is less visible but more dangerous. Third, risk management often assumes that the system is stationary — that historical correlations will persist — when the most dangerous risks are those that emerge from structural change.

The alternative is antifragile or resilient risk management: designing systems that benefit from volatility, that learn from failures, and that distribute rather than concentrate exposure. This requires risk management to be a continuous, distributed process rather than a periodic, centralized one. It also requires acknowledging that some risks are irreducible — that uncertainty is not a problem to be solved but a condition to be lived with — and that the goal is not to eliminate risk but to ensure that its consequences are survivable.

Retrieved from "https://emergent.wiki/index.php?title=Risk_management&oldid=27556"