Core2 Group - Digital Data & Activity Analytics to Supplement, Complement and Enhance Company, Industry, Sector and Country Risk Adjusted Return Strategies - December 2015
Constructing a country risk score and an industry risk score are two key inputs for determining a company's overall risk profile. Digital data and activity measures, which include detailed web, mobile, email, and machine-to-machine activity, provide daily insight to supplement traditional measures used in risk-adjusted return strategies at multiple levels. Measuring concentration risk across a portfolio of companies and integrating country and industry risk are important aspects of risk management that can be enhanced using digital footprint data and activity metrics aggregated at the country, industry, and company levels.
This document describes a project to develop a pricing tool for general liability insurance. A team of actuarial consultants was hired to create the tool for an insurance company launching a new tri-state product for small businesses. The tool calculates premiums through three main steps: 1) determining a manual premium based on limits, deductibles and expenses, 2) calculating an experience modifier based on 3 years of loss data, and 3) combining these factors to produce a final indicated premium. The tool was designed to be accurate, convenient and flexible for underwriters through functions like quick searching of class codes, reasonability testing of inputs, and easy resetting of data entries.
Tracking Variation in Systemic Risk-2 8-3edward kane
This paper proposes a new measure of systemic risk for US banks from 1974-2013 based on Merton's model of credit risk. The measure treats deposit insurance as an implicit option where taxpayers cover bank losses. Each bank's systemic risk is its contribution to the value of this sector-wide option. The model estimates show systemic risk peaked in 2008-2009 during the financial crisis, and bank size, leverage, and risk-taking were key drivers of systemic risk over time.
This whitepaper discusses next generation financial risk monitoring using a framework called Datashop Alchemy. It summarizes an approach to measuring systemic risk using interconnectedness between financial institutions and their credit ratings. The framework evaluates daily systemic risk scores using this methodology and visualizes the results. It is intended to help central banks, financial institutions, and other industries monitor systemic risk in their networks to identify risks and support decision making.
The document discusses the importance of conducting risk assessments and implementing countermeasures to protect critical data and assets from threats. It outlines the key steps in risk assessment including identifying assets, threats, vulnerabilities, and risks. Outsourcing critical data to a managed service provider that locates data in secure environments is presented as an effective countermeasure that can minimize risks by placing security in the hands of security professionals and ensuring constant monitoring and uninterrupted access. The document advocates for regular risk assessments and risk management to account for changing threats over time.
This document provides an overview of a project proposal to model and measure operational risk in investment banks. It discusses how operational failures at investment banks can be costly and damaging. It reviews the Basel II accord's definition of operational risk and categories of operational risk events. It also outlines three main approaches to measuring operational risk under Basel II - the basic indicator approach, advanced measurement approach, and standardized approach. The proposal aims to identify a unique way to quantify operational risk in investment banks that is acceptable globally.
This document provides information packages to help small and medium enterprises select and apply suitable risk assessment and risk management methods for information security. It first explains why managing IT security risks is important for businesses. The document then gives an overview of risk assessment and risk management processes and defines some key terms. It also provides examples of typical business processes, IT systems, and risk profiles for two sample SMEs. Finally, it presents some risk assessment and risk management methods that could work well for SMEs given their typical profiles and resource constraints.
Strategy Survey: Strategic planning after the global financial crisishansrosendahl
The document summarizes the results of a survey conducted by BearingPoint regarding strategic planning practices in Finland. The survey was conducted in spring 2008, just before the global financial crisis. At that time, respondents were optimistic about their competitive advantage and the operating environment. However, the crisis revealed weaknesses in traditional strategic planning. The survey highlights the need for organizations to view competitive advantage dynamically and develop strategic agility to respond to uncertainty. Building competitive advantage requires a focus on customers, strong operating models, and strategic resources like partnerships.
The document discusses Solvency II, a European Union directive that aims to update insurance regulation. It has three pillars: quantitative requirements, governance/risk management, and disclosure. Complying requires overhauling financial applications and technology. Thinksoft can help insurers understand requirements, adopt the right IT model, prepare for compliance, and provide expert guidance on Solvency II. Their approach involves identifying objectives, resolving issues holistically, and understanding insurance business and Solvency II in detail.
This document describes a project to develop a pricing tool for general liability insurance. A team of actuarial consultants was hired to create the tool for an insurance company launching a new tri-state product for small businesses. The tool calculates premiums through three main steps: 1) determining a manual premium based on limits, deductibles and expenses, 2) calculating an experience modifier based on 3 years of loss data, and 3) combining these factors to produce a final indicated premium. The tool was designed to be accurate, convenient and flexible for underwriters through functions like quick searching of class codes, reasonability testing of inputs, and easy resetting of data entries.
Tracking Variation in Systemic Risk-2 8-3edward kane
This paper proposes a new measure of systemic risk for US banks from 1974-2013 based on Merton's model of credit risk. The measure treats deposit insurance as an implicit option where taxpayers cover bank losses. Each bank's systemic risk is its contribution to the value of this sector-wide option. The model estimates show systemic risk peaked in 2008-2009 during the financial crisis, and bank size, leverage, and risk-taking were key drivers of systemic risk over time.
This whitepaper discusses next generation financial risk monitoring using a framework called Datashop Alchemy. It summarizes an approach to measuring systemic risk using interconnectedness between financial institutions and their credit ratings. The framework evaluates daily systemic risk scores using this methodology and visualizes the results. It is intended to help central banks, financial institutions, and other industries monitor systemic risk in their networks to identify risks and support decision making.
The document discusses the importance of conducting risk assessments and implementing countermeasures to protect critical data and assets from threats. It outlines the key steps in risk assessment including identifying assets, threats, vulnerabilities, and risks. Outsourcing critical data to a managed service provider that locates data in secure environments is presented as an effective countermeasure that can minimize risks by placing security in the hands of security professionals and ensuring constant monitoring and uninterrupted access. The document advocates for regular risk assessments and risk management to account for changing threats over time.
This document provides an overview of a project proposal to model and measure operational risk in investment banks. It discusses how operational failures at investment banks can be costly and damaging. It reviews the Basel II accord's definition of operational risk and categories of operational risk events. It also outlines three main approaches to measuring operational risk under Basel II - the basic indicator approach, advanced measurement approach, and standardized approach. The proposal aims to identify a unique way to quantify operational risk in investment banks that is acceptable globally.
This document provides information packages to help small and medium enterprises select and apply suitable risk assessment and risk management methods for information security. It first explains why managing IT security risks is important for businesses. The document then gives an overview of risk assessment and risk management processes and defines some key terms. It also provides examples of typical business processes, IT systems, and risk profiles for two sample SMEs. Finally, it presents some risk assessment and risk management methods that could work well for SMEs given their typical profiles and resource constraints.
Strategy Survey: Strategic planning after the global financial crisishansrosendahl
The document summarizes the results of a survey conducted by BearingPoint regarding strategic planning practices in Finland. The survey was conducted in spring 2008, just before the global financial crisis. At that time, respondents were optimistic about their competitive advantage and the operating environment. However, the crisis revealed weaknesses in traditional strategic planning. The survey highlights the need for organizations to view competitive advantage dynamically and develop strategic agility to respond to uncertainty. Building competitive advantage requires a focus on customers, strong operating models, and strategic resources like partnerships.
The document discusses Solvency II, a European Union directive that aims to update insurance regulation. It has three pillars: quantitative requirements, governance/risk management, and disclosure. Complying requires overhauling financial applications and technology. Thinksoft can help insurers understand requirements, adopt the right IT model, prepare for compliance, and provide expert guidance on Solvency II. Their approach involves identifying objectives, resolving issues holistically, and understanding insurance business and Solvency II in detail.
This document discusses risk management practices in the Indian banking system and supervision by the Reserve Bank of India (RBI). It provides an overview of the types of risks banks face, including credit, market, and operational risks. The document also summarizes several academic studies that have examined relationships between macroeconomic variables, bank performance, and risk. Overall, the document analyzes current risk management practices of banks in India as directed by RBI guidelines and regulations.
Using "big data" in the Netherlands for troubled borrowersjtgator
1) The US mortgage crisis resulted from an unsustainable housing boom and loose lending practices, evidenced by rapidly rising home prices, high delinquency rates, and falling real household wealth.
2) Various government programs like HAMP attempted to help struggling homeowners through modifications and refinancing, but many borrowers ultimately redefaulted, especially those with high debt-to-income ratios in areas hit hard by falling home prices.
3) To better identify at-risk borrowers, lenders should develop more granular default prediction models incorporating factors like loan-to-value ratios, credit data, and neighborhood housing indicators, and use segmentation strategies to determine optimal pre-delinquency treatment.
This document discusses the importance of establishing a cyber risk framework that is integrated into an organization's enterprise-wide risk management process. It provides questions that organizations should consider to help identify and assess cyber risks. It also describes three hypothetical cyber risk scenarios involving ransomware infection, and discusses potential impacts, losses, and mitigation strategies for each scenario.
2015 LOMA Conference - Third party risk management - Session 20Marc S. Sokol
The document discusses implementing an effective third party risk management program. It notes diverse challenges companies face including low interest rates, economic issues, and growing cyber threats. It highlights common issues in third party risk management like lack of due diligence and oversight. The document outlines 12 categories of third party risk and presents a framework for assessing risk. It notes how many breaches originate with third parties and examples of companies impacted. The framework involves validating the risk appetite, evaluating inherent risks, controls, and determining the residual risk.
This document summarizes a white paper published by DTCC that discusses systemic risks facing the global financial services industry. The paper identifies several emerging risks, including cyber attacks, new financial regulations, high frequency trading, counterparty risk, collateral issues, market quality concerns, liquidity risk, central counterparty concentration, interconnectedness, securities settlement challenges, business continuity risks, shadow banking, and Eurozone risks. It provides an overview of DTCC's role in mitigating systemic risk and the goal of promoting ongoing dialogue around further reducing risks to financial stability.
Keys to extract value from the data analytics life cycleGrant Thornton LLP
Regulatory mandates driving transparency and financial objectives requiring accurate understanding of customer needs have heightened the importance of data analytics to unprecedented levels making it a critical element of doing business.
Cyber risk has become an increasingly challenging risk to understand and manage due to the proliferation of technology. Organizations can simplify information security and reduce regulatory burden by adapting their risk management processes to take a more dynamic and holistic approach to cyber threats. Evaluating cyber risk in the context of other organizational risks is necessary to inform the overall risk profile. The process involves identifying specific cyber risks, assessing their likelihood and potential impacts, prioritizing them in relation to other risks, and determining appropriate investments to mitigate exposures.
Combined Credit And Political Risk Paperathula_alwis
This document proposes two methods for modeling combined credit and political risk in emerging markets:
1. A diffusion process that sums individual credit and political risk default rates, subtracting any overlap estimated via a copula function. This provides a conservative starting point but does not fully capture the coverage.
2. A jump diffusion process that allows for sudden increases in default rates during crisis periods. This approach more accurately reflects the coverage provided by combined credit and political risk insurance.
The paper recommends the jump diffusion method and outlines using historical data on default rates, losses, and correlations to develop a stochastic model quantifying the risk-reward profile to support underwriting this line of business.
The property and casualty insurance industry has seen declining profits in recent years due to lower investment returns and high claims costs. Fraud represents a significant portion of claims costs, estimated at $30 billion annually in the US alone. Predictive analytics can help insurers more efficiently identify fraudulent claims, recover costs through subrogation, optimize staff scheduling, and improve loss reserving. Early adopters of predictive analytics in claims processing are seeing returns of over 100% and improved customer retention compared to companies that have not adopted these techniques.
This document discusses the importance of ongoing risk assessment for companies. It recommends that risk assessment consider not just IT networks and computers, but also physical security and employees. A comprehensive risk assessment process involves identifying assets, threats, vulnerabilities, likelihood of threats, potential impacts, existing controls, and recommendations. It is important that risk assessment be an ongoing and recurring process to account for changing business needs and environments.
In this article we give a brief introduction to the meaning of the term operational risk and what it means for the financial institutions of today. We explain the subject as it is defined in Basel II, and show the three different ways of calculating capital requirement for operational risk. In the next article, “Part II: Establishing a Framework for Operational Risk”, we will look at a first step in implementing a framework for operational risk management.
Capitalizing On The Crisis: Strategic Decision-Making in an Uncertain Economyskaf777
Strategic leaders must make difficult decisions under conditions of extreme uncertainty due to the current economic crisis. They should reassess risk and returns of their portfolio, develop contingency plans to maximize upside and limit downside, and maintain strategic flexibility. Opportunities exist for companies that understand value and risk to acquire distressed assets, engage in mergers and acquisitions, and take industry leadership. Building cash reserves and access to credit provides flexibility to capitalize on attractive deals as conditions evolve unpredictably.
Quantifies in dollars, the cyber risk for an enterprise, based upon historical industry data and rigorous statistical models.
Risk is calculated for custodial data (PII, PFI, CHD & PHI), based upon a peer company of the same size and industry, with the same value at risk.
This document provides a risk assessment of JPMorgan Chase's 2014 data breach conducted by a team from the University of Washington. It summarizes the breach, in which 83 million customer records were stolen, and evaluates risks to the bank. The team identifies stakeholders, assets, risks, and makes strategic recommendations. Following the ISO 31000 framework, the assessment categorizes risks, assesses key risks, plans controls, and provides advice to senior management on preventing future breaches and protecting customer data.
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
1) The economic downturn has become one of the top drivers of information security spending, nearly surpassing business continuity and disaster recovery which usually rank highest.
2) Most executives are considering strategies to reduce security spending such as canceling, deferring, or downsizing initiatives in response to budget pressures.
3) However, far fewer executives are actually cutting security budgets. And of those that are taking action, most are taking relatively minor steps like postponing projects rather than making deep cuts.
Financial Institutions, Merchants, and the Race Against CyberthreatsEMC
This Aite analyst report examines the common threats facing financial institutions and retailers, including mobile attacks, DDoS, and malware, and offers recommendations on common defenses deployed by players in both industries.
This document discusses hybrid debt instruments issued by corporations and financial institutions. It defines hybrid securities and contingent capital notes, and explores the main design features and trade-offs involved. Recent hybrid debt issuances are examined, along with the rationale for why companies and banks issue such instruments. Credit rating agencies' approach to evaluating hybrids and contingent capital notes is also reviewed.
The document is a research report that compares insurance protection for tangible versus intangible assets. Some key findings:
1) Information assets are valued slightly higher on average ($1.082 billion) than tangible property, plant, and equipment ($947 million) but have much lower insurance coverage (15% vs 59%).
2) The potential maximum loss from information assets being stolen or destroyed is estimated to be higher on average ($979 million) than potential losses from tangible assets ($770 million).
3) Despite higher risks and potential losses to information assets, companies are reluctant to purchase cyber insurance and many would not disclose material losses of information assets in financial statements like they would for tangible assets.
This is a brief article that describes the evolution of Enterprise Risk Management as a key functional area in large organizations over the past 30 years.
This document discusses risk management practices in the Indian banking system and supervision by the Reserve Bank of India (RBI). It provides an overview of the types of risks banks face, including credit, market, and operational risks. The document also summarizes several academic studies that have examined relationships between macroeconomic variables, bank performance, and risk. Overall, the document analyzes current risk management practices of banks in India as directed by RBI guidelines and regulations.
Using "big data" in the Netherlands for troubled borrowersjtgator
1) The US mortgage crisis resulted from an unsustainable housing boom and loose lending practices, evidenced by rapidly rising home prices, high delinquency rates, and falling real household wealth.
2) Various government programs like HAMP attempted to help struggling homeowners through modifications and refinancing, but many borrowers ultimately redefaulted, especially those with high debt-to-income ratios in areas hit hard by falling home prices.
3) To better identify at-risk borrowers, lenders should develop more granular default prediction models incorporating factors like loan-to-value ratios, credit data, and neighborhood housing indicators, and use segmentation strategies to determine optimal pre-delinquency treatment.
This document discusses the importance of establishing a cyber risk framework that is integrated into an organization's enterprise-wide risk management process. It provides questions that organizations should consider to help identify and assess cyber risks. It also describes three hypothetical cyber risk scenarios involving ransomware infection, and discusses potential impacts, losses, and mitigation strategies for each scenario.
2015 LOMA Conference - Third party risk management - Session 20Marc S. Sokol
The document discusses implementing an effective third party risk management program. It notes diverse challenges companies face including low interest rates, economic issues, and growing cyber threats. It highlights common issues in third party risk management like lack of due diligence and oversight. The document outlines 12 categories of third party risk and presents a framework for assessing risk. It notes how many breaches originate with third parties and examples of companies impacted. The framework involves validating the risk appetite, evaluating inherent risks, controls, and determining the residual risk.
This document summarizes a white paper published by DTCC that discusses systemic risks facing the global financial services industry. The paper identifies several emerging risks, including cyber attacks, new financial regulations, high frequency trading, counterparty risk, collateral issues, market quality concerns, liquidity risk, central counterparty concentration, interconnectedness, securities settlement challenges, business continuity risks, shadow banking, and Eurozone risks. It provides an overview of DTCC's role in mitigating systemic risk and the goal of promoting ongoing dialogue around further reducing risks to financial stability.
Keys to extract value from the data analytics life cycleGrant Thornton LLP
Regulatory mandates driving transparency and financial objectives requiring accurate understanding of customer needs have heightened the importance of data analytics to unprecedented levels making it a critical element of doing business.
Cyber risk has become an increasingly challenging risk to understand and manage due to the proliferation of technology. Organizations can simplify information security and reduce regulatory burden by adapting their risk management processes to take a more dynamic and holistic approach to cyber threats. Evaluating cyber risk in the context of other organizational risks is necessary to inform the overall risk profile. The process involves identifying specific cyber risks, assessing their likelihood and potential impacts, prioritizing them in relation to other risks, and determining appropriate investments to mitigate exposures.
Combined Credit And Political Risk Paperathula_alwis
This document proposes two methods for modeling combined credit and political risk in emerging markets:
1. A diffusion process that sums individual credit and political risk default rates, subtracting any overlap estimated via a copula function. This provides a conservative starting point but does not fully capture the coverage.
2. A jump diffusion process that allows for sudden increases in default rates during crisis periods. This approach more accurately reflects the coverage provided by combined credit and political risk insurance.
The paper recommends the jump diffusion method and outlines using historical data on default rates, losses, and correlations to develop a stochastic model quantifying the risk-reward profile to support underwriting this line of business.
The property and casualty insurance industry has seen declining profits in recent years due to lower investment returns and high claims costs. Fraud represents a significant portion of claims costs, estimated at $30 billion annually in the US alone. Predictive analytics can help insurers more efficiently identify fraudulent claims, recover costs through subrogation, optimize staff scheduling, and improve loss reserving. Early adopters of predictive analytics in claims processing are seeing returns of over 100% and improved customer retention compared to companies that have not adopted these techniques.
This document discusses the importance of ongoing risk assessment for companies. It recommends that risk assessment consider not just IT networks and computers, but also physical security and employees. A comprehensive risk assessment process involves identifying assets, threats, vulnerabilities, likelihood of threats, potential impacts, existing controls, and recommendations. It is important that risk assessment be an ongoing and recurring process to account for changing business needs and environments.
In this article we give a brief introduction to the meaning of the term operational risk and what it means for the financial institutions of today. We explain the subject as it is defined in Basel II, and show the three different ways of calculating capital requirement for operational risk. In the next article, “Part II: Establishing a Framework for Operational Risk”, we will look at a first step in implementing a framework for operational risk management.
Capitalizing On The Crisis: Strategic Decision-Making in an Uncertain Economyskaf777
Strategic leaders must make difficult decisions under conditions of extreme uncertainty due to the current economic crisis. They should reassess risk and returns of their portfolio, develop contingency plans to maximize upside and limit downside, and maintain strategic flexibility. Opportunities exist for companies that understand value and risk to acquire distressed assets, engage in mergers and acquisitions, and take industry leadership. Building cash reserves and access to credit provides flexibility to capitalize on attractive deals as conditions evolve unpredictably.
Quantifies in dollars, the cyber risk for an enterprise, based upon historical industry data and rigorous statistical models.
Risk is calculated for custodial data (PII, PFI, CHD & PHI), based upon a peer company of the same size and industry, with the same value at risk.
This document provides a risk assessment of JPMorgan Chase's 2014 data breach conducted by a team from the University of Washington. It summarizes the breach, in which 83 million customer records were stolen, and evaluates risks to the bank. The team identifies stakeholders, assets, risks, and makes strategic recommendations. Following the ISO 31000 framework, the assessment categorizes risks, assesses key risks, plans controls, and provides advice to senior management on preventing future breaches and protecting customer data.
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
1) The economic downturn has become one of the top drivers of information security spending, nearly surpassing business continuity and disaster recovery which usually rank highest.
2) Most executives are considering strategies to reduce security spending such as canceling, deferring, or downsizing initiatives in response to budget pressures.
3) However, far fewer executives are actually cutting security budgets. And of those that are taking action, most are taking relatively minor steps like postponing projects rather than making deep cuts.
Financial Institutions, Merchants, and the Race Against CyberthreatsEMC
This Aite analyst report examines the common threats facing financial institutions and retailers, including mobile attacks, DDoS, and malware, and offers recommendations on common defenses deployed by players in both industries.
This document discusses hybrid debt instruments issued by corporations and financial institutions. It defines hybrid securities and contingent capital notes, and explores the main design features and trade-offs involved. Recent hybrid debt issuances are examined, along with the rationale for why companies and banks issue such instruments. Credit rating agencies' approach to evaluating hybrids and contingent capital notes is also reviewed.
Similar to Core2 Group - Digital Data & Activity Analytics to Supplement, Complement and Enhance Company, Industry, Sector and Country Risk Adjusted Return Strategies - December 2015
The document is a research report that compares insurance protection for tangible versus intangible assets. Some key findings:
1) Information assets are valued slightly higher on average ($1.082 billion) than tangible property, plant, and equipment ($947 million) but have much lower insurance coverage (15% vs 59%).
2) The potential maximum loss from information assets being stolen or destroyed is estimated to be higher on average ($979 million) than potential losses from tangible assets ($770 million).
3) Despite higher risks and potential losses to information assets, companies are reluctant to purchase cyber insurance and many would not disclose material losses of information assets in financial statements like they would for tangible assets.
This is a brief article that describes the evolution of Enterprise Risk Management as a key functional area in large organizations over the past 30 years.
The document is the user's guide for the FFIEC Cybersecurity Assessment Tool. It provides an overview of the tool and guidance for institutions on how to complete the assessment. The assessment consists of two parts - an Inherent Risk Profile to identify inherent cyber risks, and a Cybersecurity Maturity assessment across five domains to determine preparedness levels. It describes how to determine risk levels for inherent risk factors and maturity levels for controls. The goal is to help institutions measure cybersecurity risks and preparedness over time to enhance risk management.
Over this past school year, I have researched and wrote extensively on the Internal Audit Function's role in Governance, Risk Management, and Compliance. This manuscript is my official submission to the Institute of Internal Auditor's Esther R. Sawyer Research Competition. I hope any knowledge gained from this paper will benefit industry professionals in the future.
Risk Monitoring and Management Trends In CommoditiesCTRM Center
The document summarizes the results of a survey conducted by Commodity Technology Advisory LLC on risk management trends in the commodities industry. The survey found that market risk, credit risk, and regulatory risk were seen as the most important risks facing companies. While some risks are managed at the department level, there is an increasing focus on managing risks at the enterprise level. However, the survey found that companies use a mix of systems and tools to manage risks, including spreadsheets, and that risk management capabilities in existing commodity trading and risk management (CTRM) systems are not being fully utilized.
This document discusses various types of risk including business risk, financial risk, credit risk, market risk, operational risk, legal risk, political risk, and liquidity risk. It provides definitions and examples for each type of risk. Business risk depends on factors like competitive environment, consumer preferences, and government policies. Financial risk depends on a company's debt-to-equity ratio and coverage ratios. Credit risk is the risk of default on debt obligations. Market risk includes risks from changes in currency exchange rates, interest rates, equity prices, and commodity prices.
The document summarizes key changes in the Basel Committee's revised market risk framework, known as Fundamental Review of the Trading Book (FRTB). It introduces more complex capital calculations under the internal models approach, with requirements for multiple scenario analyses and risk factor combinations that significantly increase processing needs. It also requires clearer position classification and metadata for regulatory capital calculations. Banks will need enhanced data management and risk aggregation capabilities to integrate information across business units. The substantial technology impacts suggest a long-term, flexible implementation approach rather than short-term minimum compliance.
Case study in Enterprise Risk Management (ERM) showing paired comparison method to evaluate risk, allocate ERM resources and to highlight the different perspective or context for different levels of company management.
The document provides details about a presentation on risk assessment and internal controls in IT enabled environments. It discusses:
1. How risk assessment involves identifying threats, vulnerabilities, assets, impact, and likelihood to understand risks. Internal controls can then reduce probability of threats or vulnerabilities.
2. Two case studies - how eBay India assessed risks to critical business processes and IT systems, finding sales systems high risk. And for a law firm, case proceeding and client databases were high risk due to data stored.
3. How risk management involves assessing risks, selecting controls, and accepting residual risks, with the goal of supporting business objectives.
Legal Entity Risk and Counter-Party Exposure April 2016bfreeman1987
Legal entity risk and exposure has become an important issue for financial institutions. This solution aggregates data from multiple internal systems to determine exposure to any given counterparty or legal entity. It identifies issuers and instruments, calculates current exposure values, and monitors public data sources for risk events. The solution detects potential risk events, identifies affected instruments and issuers, and determines exposure to help organizations respond rapidly.
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture Insurance
Attitudes towards insurance risk management have evolved tremendously over the past decade, moving from a regulatory-focused strategy to the building of a mature, value-centric risk strategy.
Accenture's 2015 North American Insurance Risk Management Study is an extension of our popular global risk survey and explores how U.S. and Canadian CROs are positioning risk within their enterprises and what issues and trends they are facing.
Implementation of a Credit Risk Management Platform for a Large Insurer Based...SecondFloor
A new, centralised credit risk platform has delivered
many business benefits to this global insurance group,
including the ability to mitigate risk by dynamically
managing investment limits.
Performing Strategic Risk Management with simulation modelsWeibull AS
“How can you be better than us to understand our business risk?"
This is a question we often hear and the simple answer is that we don’t! But by using our methods and models we can utilize your knowledge in such a way that it can be systematically measured and accumulated throughout the business and be presented in easy to understand graphs to the management and board.
The main reason for this lies in how we can treat uncertainties 1 in the variables and in the ability to handle uncertainties stemming from variables from different departments simultaneously.
Analyze:
1. Foreign Stock
a. Samsung Electronics LTD. (Korean Stock Exchange)
b. Focus on phone explosions
*Monitor their performance throughout the semester (begin: 9/15/2016, end: 12/2/2016), reflecting on the performance of each at the end of the semester, and providing a forward looking discussion of their prospects as of end of the semester.
→ what happened, why, recommendation/opinion (hold, sell), future performance
*the more graphs/data the better!!
Grading of the project will be based on the following criteria: (1) the neatness of the written report, (2) the extensiveness and relevance of research information gathered regarding each asset, (3) the inclusion of your own opinions and observations in the report
Fill this out:
Price Information on Holdings
Foreign Stock
Ticker
Beginning Value on __/__/___
in Local Currency
Exchange Rate of Local Currency with USD on __/__/____
Beginning Value on __/__/___
in USD
Ending Value on __/__/___
in Local Currency on __/__/____
Exchange Rate of Local Currency with USD on __/__/____
Ending Value on __/__/___
in USD
Percentage Change in the Value of Local Currency
Percentage Change in the Value of Stock in Local Currency
Percentage Change in the Value of Stock in USD
Framework for Improving
Critical Infrastructure Cybersecurity
Version 1.0
National Institute of Standards and Technology
February 12, 2014
February 12, 2014 Cybersecurity Framework Version 1.0
Table of Contents
Executive Summary .........................................................................................................................1
1.0 Framework Introduction .........................................................................................................3
2.0 Framework Basics...................................................................................................................7
3.0 How to Use the Framework ..................................................................................................13
Appendix A: Framework Core.......................................................................................................18
Appendix B: Glossary....................................................................................................................37
Appendix C: Acronyms .................................................................................................................39
List of Figures
: Framework Core Structure .............................................................................................. 7
Figure 1
Figure 2: Notional Information and Decision Flows within an Organization .............................. 12
List of Tables
Table 1: Function and Category Unique Identifiers ..................................................................... 19
Table 2: Framework Core ..................................................................................................
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
Project 4: Threat Analysis and Exploitation
Transcript (background):
You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles, a representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor. A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools. A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor. A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat. Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community. At the end of the response to this cyber incident, your team will provide two deliverables, a situational analysis report, or SAR, to the White House Cyber National security staff and an After Action Report and lesson learned to the cyber threat analyst community.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure.
To be completed by all team members: Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial ...
This document is a risk assessment report that contains several sections analyzing approaches to risk assessment for an organization's IT architecture. It discusses evaluating risk, qualitative and quantitative approaches, the organization's departments and how they interconnect, security certifications, and tools for conducting risk management research such as the Plus, Minus, Interesting method and applying the "what if" approach. The report provides an in-depth analysis of how to properly assess and manage risks to an organization's IT systems.
Pillar III presentation 11 18-14 - redacted versionBenjamin Huston
This document provides a summary of a proposed market-based indicators approach to stress testing for the United States. It includes the following key points:
1) The approach uses market prices and indicators derived from contingent claims analysis, network analysis, and other methods to conduct stress tests on financial and non-financial sectors. This helps address data limitations and allows for a broader scope than traditional supervisory stress tests.
2) A systemic risk dashboard would analyze risks using various metrics like SRISK and CoVaR. Contingent claims analysis would provide outputs like default probabilities, expected losses, and capital shortfalls under different scenarios.
3) Network analysis and interconnectedness measures would capture potential domestic and international spill-over
This report provides an overview of global compliance with the Payment Card Industry Data Security Standard (PCI DSS) based on hundreds of assessments conducted between 2011-2013. The key findings are that only around 11% of companies assessed were fully compliant with all 12 PCI DSS requirements, and the report identifies areas where organizations commonly struggle with compliance. It recommends that organizations view PCI compliance as an ongoing process that requires executive sponsorship and should be part of wider governance, risk, and compliance efforts.
Similar to Core2 Group - Digital Data & Activity Analytics to Supplement, Complement and Enhance Company, Industry, Sector and Country Risk Adjusted Return Strategies - December 2015 (20)
Core2 Group - Digital Data & Activity Analytics to Supplement, Complement and Enhance Company, Industry, Sector and Country Risk Adjusted Return Strategies - December 2015
1. DIGITAL DATA & ACTIVITY ANALYTICS TO
SUPPLEMENT, COMPLEMENT AND ENHANCE
COMPANY, INDUSTRY, SECTOR AND COUNTRY
RISK ADJUSTED RETURN STRATEGIES
DECEMBER, 2015
2. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 2
Table of Contents
Introduction .......................................................................................................................................................................3
1. Constructing a company specific Risk Rating (A seven step approach)................................................3
2. Constructing Concentration Risk Measures across a Portfolio of Companies ...................................3
3. Country Risk..............................................................................................................................................................5
4. Integrating Country Risk with Industry Risk...................................................................................................6
5. Industry Rating.........................................................................................................................................................8
6. Forward Measures of Risk..................................................................................................................................10
7. Integrating Industry Risk & Country Risk ......................................................................................................12
Case Study: Automobile company performance across multiple brands, companies and
countries ..................................................................................................................................................................12
8. Default Correlations............................................................................................................................................. 17
Conclusion........................................................................................................................................................................18
Appendix.......................................................................................................................................................................... 20
1. Core2 Business Performance Measure Definitions and Applications:................................................. 20
2. Author Biographies ............................................................................................................................................. 22
Dr. Robert Mark.................................................................................................................................................... 22
Hugh Lloyd-Thomas ........................................................................................................................................... 23
About Core2 Group...................................................................................................................................................... 24
Note from the Authors:
Comments / Suggestions / Questions Encouraged & Appreciated
Hugh Lloyd-Thomas, Advisory Board Member, Executive VP, Financial Services, Core2
Group, Mobile: 917-716-5973 Email: Hugh.Lloyd-Thomas@core2group.com
Bob Mark, Board of Directors & Advisory Board Member, Core2 Group, Mobile: 925-
212-7348 Email: BobMark@blackdiamondrisk.com
3. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 3
Constructing a country risk score and an industry risk score are two key scores that are an essential
input to determine a company’s overall risk profile. A borrower’s absolute and relative position
within an industry is also a key component of constructing risk adjusted return measures. The
volume and sources of a company’s digital data and activity levels are highly correlated to direction
of revenues and growth.
Digital data activity measures, that include detailed breakdowns across web, mobile, e-mail and
machine-to-machine activity1
, provide insight and support within the risk adjudication process.
These big data measures provide daily orthogonal data and analytics to augment the current
traditional measures used to develop optimal risk adjusted return strategies at the company,
industry, sector and country levels. The digital data activity measures are also particularly useful for
analyzing the risk adjusted returns for private companies since there is a significant lack of
consistent and reliable up-to-date public data,
Please refer to the appendix for specific definitions of the digital activity metrics referred to
throughout the whitepaper.
1. Constructing a company specific Risk Rating (A seven step approach)
A credit risk rating system is used to calculate the probability of default of a loan to an obligor. It
starts with a financial assessment of the borrower (step 1). The next step calls for analyzing country
risk (step 2) and industry risk (step 3). The risk rating also calls for analyzing the managerial
capability of the borrower and reviewing the quality of the financial information (steps 4 and 5).
A robust risk rating system also compares the preliminary obligor rating to default ratings provided
by external entities such as rating agencies and software firms (step 6). The process ensures that all
credits are objectively rated using a consistent process to arrive at accurate ratings. A loss given
default rating (LGDR) is derived in a final step (step 7) that is independent from the obligor rating.
2. Constructing Concentration Risk Measures across a Portfolio of Companies
Measuring concentration risk is an important aspect of risk management. A time series constructed
from digital activity data for firms, based on their industry and country groupings, can be used to
provide incremental insight to the asset return correlations between two firms. The correlations can
1
Machine-to-machine activity refers to automated inter-company communications (e.g. inventory ordering &
payments, machinery communication with maintenance services, etc.)
4. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 4
be explained by the factors common to all firms such as Industry (or Sector) and Country (or
Region).
Major problems arise in any aggregating system when it is applied to factors that are non-linear,
and therefore “non-additive.” For example, systematic risk (or beta risk) is additive over securities
for any given portfolio, but specific risk, measured by the standard derivation of the residual return,
is non-additive. In other words, the standard deviation of a portfolio is not the sum of the standard
deviations of the securities in the portfolio. Therefore, risk aggregation can be quite complicated; it
requires the estimation of many parameters, and especially the degree of correlation between all
the possible pairs of securities in a portfolio.
A firm’s asset returns are generated by a set of common (systematic) risk factors and
idiosyncratic factors. The idiosyncratic factors do not contribute to asset return correlations (since
they are not correlated with each other and not correlated with the common factors). The risks
associated with the idiosyncratic risk factors can be diversified away through portfolio
diversification, while the risk contribution of the common factors is, on the contrary, non-
diversifiable. Multi-factor models of asset returns reduce the number of correlations that have to
be calculated to the limited number of correlations between the common factors that affect asset
returns (Reference Box 1).
Box 1: Correlation Analysis
5. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 5
3. Country Risk
Country risk can be calculated from an aggregate of specific risks related to doing business in a
country, and it is a critical component of credit risk assessment. The measurement of a country’s
risk environment includes the legal, government and human development considerations (see
Table 1). Given the ever increasingly complex nature of global markets, there are few globally
consistent measures to capture country risk.
Table 1: S&P Capital IQ Critical Country Risk ‘Risk Dimensions’ and ‘Factors’ assessment criteria
Country risk may be mitigated by hard currency cash flows received/earned by the counterparty.
Hard currency cash flow refers to revenue in a major (i.e., readily exchanged) international currency
(primarily U.S. and Canadian dollars, sterling, euros and Japanese yen).
Country risk needs to be differentiated from sovereign risk. For ease of our discussion, we focus on
country risk and define country risk as the risk that a counterparty, or obligor, will not be able to
pay its obligations (e.g. say because of cross-border restrictions on the convertibility or availability
of a given currency). Country risk analysis calls for an assessment of risks that range from analyzing
political risk to analyzing the economic risk of a country. Country risk exists becomes material when
there is more than a prescribed percentage (say 25 %) of the obligor’s (gross) cash flow (or assets)
located outside of the local market.
Digital data activity and measures can be used to supplement, complement and enhance the
aforementioned traditional risk dimensions, factors and analysis. Digital activity data analysis across
a user-selected set of countries and/or groupings along with global totals, e.g., country roll-ups for
emerging, and frontier markets, can provide additional insight and analysis flexibility (see Box 2).
6. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 6
Box 2: Digital Footprint Data & Activity Measures - Country Level Reporting and Aggregation
4. Integrating Country Risk with Industry Risk
In addition to enhancing existing traditional country risk analysis, digital data and activity measures
can provide a consistent foundation to compare company, industry and sector business
performance. The ability to measure both the volume and the source country of the digital activity
provides additional insight into the spread and/or concentration of a company’s business.
Baseline indices for brands, companies and/or subsidiaries, industries, sectors, countries and
regions provides the ability to create the consistent foundations required. For example, using a
Business Performance Index (BPI) of 1000 as the mean baseline, a score of 1250 indicates a 25%
increase in a company’s digital data and activity over the specified time period, which in turn is
generally reflected by a near term increase in revenues and/or other business performance
measures e.g., service utilization, increases in subscribers and/or customers etc. A score of 750
reflects a 25% drop in digital data activity, which in turn generally reflects a near term reduction in
business performance.
7. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 7
Additionally, detailed digital data activity measures (web, mobile, e-mail and machine-to-machine
activity), can be measured at the source (i.e. the country of origin), as well as relative levels of total
Digital Activity within a region and individual country over varying periods for all or any subset of
regions (see Table 2).
Table 2: Regional and Country Level Digital Data Activity Source Measurement (Country
Momentum Index – CMI (1, 2)
)
1. Please refer to the description of CMI noted in the appendix
2. Please note: Data included in this and other tables is illustrative and does not reflect specific measures and/or timeframes
The direction and color of the arrows in Table 2 identifies the strength of both the level and trend
of each country’s digital activity and performance. A green arrow indicates a 5% or greater increase
in activity over the period. The yellow upward arrow indicates an increase of up to 5% over the
period, while a yellow downward arrow indicates a decrease of up to 5% over the period. A red
downward arrow indicates a 5% or greater decrease in activity over the period.
As outlined in Table 2, Global and North American digital activity source levels have been relatively
flat over the last 12 months, while activity from Russia has grown. As the current regime of
economic sanctions and reduced oil prices is having a significant negative impact on the internal
Russian economy, the increased traffic levels from Russia may be indicative of internal sectors
seeking external market opportunities.
8. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 8
5. Industry Rating
A common risk analysis approach is to assess industries using a ratings scheme, as example with a
1 (minimal risk) to 5 (very high risk) scale across a set of criteria for each industry. The criteria may
include, but not be limited to, ratings of competitiveness, trade environment, regulatory
framework, restructuring, technological change, financial performance, long-term trends affecting
performance and vulnerability to a macroeconomic environment.
Table 3 provides a subset of the various sectors and industries often included in industry based risk
analysis and ratings scheme approaches. Each sector and industry’s digital activity is be used to
provide additional insight and understanding of performance across industry, sectors and country
performance for an individual company credit adjudication process.
Table 3: Global Industry Classification Standard (GICS®
) Industry & Sector Examples
Consumer Discretionary Health Care Industrials
Automobiles & Components Health Care Equipment & Service Capital Goods
Auto Components Health Care Equipment & Supplies Aerospace & Defense
Automobiles Health Care Providers & Service Building Products
Consumer Durables & Apparel Health Care Technology Construction & Engineering
Household Durables Pharmaceuticals, Biotechnology Electrical Equipment
Leisure Products Biotechnology Industrial Conglomerates
Textiles, Apparel & Luxury Pharmaceuticals Machinery
Consumer Services Life Sciences Tools & Services Trading Companies & Distributor
Hotels Restaurants & Leisure Information Technology Commercial & Professional Services
Diversified Consumer Services Software & Services Commercial Services & Supplies
Media Internet Software & Services Professional Services
Media IT Services Transportation
Retailing Software Air Freight & Logistics
Distributors Technology Hardware & Equipment Airlines
Internet & Catalog Retail Communications Equipment Marine
Multiline Retail Technology Hardware, Storage Road & Rail
Specialty Retail Electronic Equip., Instruments Transportation Infrastructure
Consumer Staples Semiconductors & Semiconductor Materials
Food & Staples Retailing Financials Chemicals
Food & Staples Retailing Banks Construction Materials
Food Beverage & Tobacco Banks Containers & Packaging
Beverages Thrifts & Mortgage Finance Metals & Mining
Food Products Diversified Financials Paper & Forest Products
Tobacco Diversified Financial Services Telecommunication Services
Household & Personal Products Consumer Finance Diversified Telecommunication
Household Products Capital Markets Wireless Telecommunication Services
Personal Products Insurance Utilities
Energy Insurance Electric Utilities
Energy Equipment & Services Real Estate Gas Utilities
Oil, Gas & Consumable Fuels Real Estate Investment Trusts Multi-Utilities
Real Estate Management & Development Water Utilities
Independent Power and Renewable
9. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 9
As highlighted in Table 4 below, the core cyclical Retailing group, and the non-cyclical Software
and Services sectors have shown consistent growth over the last 12 months. While Semiconductors,
Telecommunication Services and Utilities have seen recent weakness. However, all sectors have
seen positive increases over their baseline performance metric of 1000.
Table 4: Digital Footprint Data & Activity Measures- Sector Level Reporting and Aggregation
level by industry category and group. (Sector Momentum Index – SMI (1, 2)
)
1. Please refer to the description of SMI noted in the appendix
2. Please note: Data included in this and other tables is illustrative and does not reflect specific measures and/or timeframes
As noted previously, the green arrow in Table 4 indicates a 5% or greater increase in activity over
the period. The yellow upward arrow indicates an increase of up to 5% over the period, while a
yellow downward arrow indicates a decrease of up to 5% over the period. The red downward
arrow indicates a 5% or greater decrease in activity over the period.
10. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 10
6. Forward Measures of Risk
Forward measures of risk can be constructed by analyzing digital activity and business performance
measures. These digital measures augment traditional measures such as implied volatility. For
example, a forward measure of the cost of credit risk can be linked to estimating implied volatility
of a put since the value of a put is the cost of eliminating the credit risk associated with providing a
loan to a firm (reference Box 3). Implied volatility is a forward measure of risk.
Box 3: Put Cost of Credit Risk
We can write the value of the put as:
And is the standard deviation of the rate of return of the firm’s assets.2
2
The model illustrates that the credit risk, and its costs, is a function of the riskiness of the assets of the firm,
and this risk is also a function of the time interval until debt is paid back, T. The cost is also affected by the risk-
free interest rate r: the higher r is, the less costly it is to reduce credit risk. The cost is a homogeneous function of
the leverage ratio, LR =
11. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 11
Weighted digital performance measures can be integrated with sovereign and country risk
measures to provide supplementary insight into forward measures of risk.
Table 5: Illustrative Performance Measure / Timeframe Weighting Allocation Examples (1-4)
1. Both Performance Measure and Timeframe weighting allocations = 100%
2. Measured by Business Performance Index (BPI). Please refer to description noted in the appendix
3. Measured by Sector Momentum Index (SMI). Please refer to description noted in the appendix
4. Measured by Country Momentum Index (CMI). Please refer to description noted in the appendix
Based on the understanding of company and portfolio seasonality and volatility, digital activity and
performance measures within forward measure of credit risk calculations can be weighted over the
appropriate timeframes. Nearer term measurements may be given more weight as they are
stronger indicators of “yet to be released and/or available” business performance measures such as
sales, revenue and levels of business and/or exposure to sectors and/or countries with higher risk
and/or credit profiles.
12. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 12
7. Integrating Industry Risk & Country Risk
Case Study: Automobile company performance across multiple brands,
companies and countries
The core cyclical Automobile & Components group (see Table 6) has shown consistent growth over
the last 12 months, driven by aging consumer owned vehicle years, “relaxed” credit and
underwriting strategies and aggressive marketing. While other sectors have reduced with the
recent slowing economic activity.
Table 6: Digital Data & Activity - Sector Level Reporting and Aggregation – Automobile &
Components (1)
1. Please note: Data included in this and other tables is illustrative and does not reflect specific measures and/or timeframes
7.1 Integrating Company Risk with Industry Risk
Fluctuations in digital data activity and volatility over time can provide further detailed insight and
additional lift to optimizing risk adjusted return strategies.
Table 7 compares the performance of a number of automobile companies, their associated brands
and competitors over a 12 month period. Digital Activity Momentum measures the percentage of
days over a 90 day period where activity increased over the preceding day. Activity Frequency
measures the volume of digital activity, while Activity Reach measures the “geographic spread” of
digital activity. The peer group total of both Activity Frequency and Activity Reach equals 100%.
13. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 13
Company performance over the last 3 and 6 month and 1 year time periods is measured using the
Business Performance Index (BPI).
Table 7: Consumer Discretionary – Automobiles & Components – Automobiles Subset (Digital
Activity Momentum Business Performance Index – BPI (1, 2)
)
1. Please refer to the description of BPI noted in the appendix
2. Please note: Data included in this and other tables is illustrative and does not reflect specific measures and/or timeframes
The significant benefit of being able to compare company and sector digital activity growth and
performance measures, is that they are available on a far timelier and consistent basis than relying
upon historically reported and often “disguised” cash flow and balance sheet data and analysis.
Activity levels can be monitored and measured in percentage terms (sum of share columns =
100%) across multiple timeframes, competitive groups and/or portfolio exposures. Activity levels
Data as of 2/1/2015
% Up Days in Last
90 Days
Current
Share ∆ Vs 1
Year Ago
Current
Share ∆ Vs 1
Year Ago
Last 3
Months
Last 6
Months
Over 1
Year
BMW 43% 5.9% 0.1% 12.7% (1.2%) -1% 2% 12%
Chrysler 42% 6.6% 19.9% 4.3% (7.0%) 1% 22% -2%
Dodge 45% 0.7% 14.8% 1.9% 16.3% -1% 7% 33%
Fiat 50% 4.0% (0.4%) 5.5% (47.5%) -41% -47% -36%
Hyundai 39% 4.2% 4.7% 4.8% 7.3% -8% -4% 9%
Infiniti 39% 0.6% (4.5%) 1.8% 3.2% -3% 7% 18%
Jaguar 52% 0.7% 6.1% 1.6% 8.5% 2% -6% 23%
Jeep 50% 1.0% 42.5% 2.8% 43.5% 17% 21% 60%
Kia 42% 0.9% 26.4% 2.1% 14.1% -11% -8% 27%
Land Rover 46% 1.5% 10.9% 2.1% 62.8% -8% 36% 76%
Mazda 55% 1.3% 24.0% 2.9% 27.0% 7% 26% 35%
Mini Cooper 48% 0.6% 0.9% 1.4% 7.4% 0% -2% 18%
Nissan 28% 3.8% 2.7% 7.7% (11.8%) -17% -13% -4%
Audi 47% 2.8% (2.3%) 3.9% (29.1%) -1% -4% -16%
Buick 42% 0.3% 12.8% 0.8% 11.3% 6% 2% 34%
Cadillac 44% 0.4% 5.5% 1.1% (31.2%) 3% 2% -16%
Chevrolet 45% 1.3% (1.7%) 2.5% 22.9% -22% 7% 40%
Ford 40% 26.9% (0.9%) 8.2% 17.0% 2% 9% 26%
GMC 53% 0.5% 25.1% 1.4% 46.2% 2% 27% 75%
Lexus 51% 1.3% 43.5% 3.0% 57.9% 10% 23% 73%
Lincoln 27% 2.4% 17.1% 2.2% (14.0%) -2% -7% 18%
Porsche 48% 1.3% 19.5% 2.8% 20.3% 10% 32% 44%
Toyota 42% 4.0% 17.3% 5.0% 11.1% -1% 4% 18%
VW 40% 2.8% 27.2% 3.5% 10.1% -2% -10% 19%
Acura 47% 2.5% 19.0% 1.3% 13.1% 9% 28% 25%
Dodge Ram 50% 0.6% 17.4% 1.6% 16.3% 11% 5% 34%
Honda 32% 7.1% (0.8%) 3.3% (5.3%) -11% -12% 4%
Mercedes-Benz 35% 11.4% (45.1%) 5.2% (33.4%) -50% -43% -27%
Rolls-Royce 44% 0.4% 20.3% 0.7% 62.5% 7% 41% 76%
Smart Car 40% 2.1% 24.3% 1.9% 81.5% -5% 22% 108%
Company / Brand
Overview of Company Performance - Global Total
Global Total
Company Share
of the Peer Group Digital
Activity Frequency
Company Current
Digital Activity
Momentum
Company Performance
Over the Period
Company Share
of the Peer Group Digital
Activity Reach
Frequency
Growth
Reach
Growth
Last 1 Year 3.5% 7.2%
Last 6 Months (11.2%) (4.3%)
Last 3 Months (15.8%) (8.2%)
Peer Group Snap Shot
14. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 14
can also be monitored for a company’s competitors and customers, providing industry and
marketplace insights and identifying any significant short changes in activity levels that would not
be easily observed and/or available on a timely basis, particularly for privately owned
organizations.
Further examples of the correlation of Core2 data with the measurement of Probability of
Default (PD) and indication of credit score direction are outlined in S&P Capital IQ’s Credit
Market Pulse, Page 2, Issue 11, December 2015 (Click on link to view: http://www.spcapitaliq-
credit.com/cms/wp-content/uploads/Credit_Market_Pulse_Issue_11_Dec15.pdf?t=1450340632)
Additional analysis examples and insights are available on Core2’s “First Look” website (Click on
link to view: http://www.core2group.com/first-look/)
7.2 Tier Assessment
Digital activity is used to provide valuable orthogonal information about a company’s relative
position within an industry and industry tiers. Digital activity measures can also reveal additional
information about the health of the industry and the performance of a company in comparison to
its peers and the industry, beyond what is typically used in current analysis.
If a business is ranked against its competition then a company’s relative position within an industry
impacts it credit risk rating. If the company supplies a product/service that is subject to global
competition then it should be ranked into tiers on a global basis. If the company’s competitors are
by nature local or regional, as are many retail businesses, then it should be ranked on that basis.
An illustrative four-tier system is shown in Box 4.
Tier 1 players are major players with a dominant share of the relevant market (local, regional, domestic,
international or niche). They have a diversified and growing customer base with low production costs that are
based on sustainable factors (such as a diversified supplier base, economies of scale, location and resource
availability, continuous upgrading of technology, etc.). Such companies respond quickly and effectively to
changes in the regulatory framework, trading environment, technology, demand patterns and
macroeconomic environment.
Tier 2 players are important or above-average industry players with a meaningful share of the relevant
market (local, regional, domestic, international or niche).
Tier 3 players are average (or modestly below average) industry players, with a moderate share of the
relevant market (local, regional, domestic, international or niche).
Tier 4 players are weak industry players and have a declining customer base. They have a high cost of
production due to factors such as low leverage with suppliers, obsolete technologies, and so on.
Box 4: Four-Tier System
The analysis of a company’s historical performance from internal data sources and the correlation
of digital activity with those internal performance measures can be used to create dynamic
company and portfolio risk analysis and monitoring capabilities.
15. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 15
The Activity Momentum measure is an index of the change in web based activity over the period,
while the Market / Sector Share Growth measure is an index of the change in market share of the
individual auto manufactures / brands included in the data set.
As an example, the capability to dynamically monitor the digital activity levels of the companies
within the Automobile Manufacturer sector can be used to realign risk exposure and/or
classifications of risk. Figures 1a and 1b show the comparison of digital activity levels and
momentum in comparison to industry participants as well as subsidiaries within an organization.
The change in the size of the “Bubble” is determined by the change in the volume of a company’s
digital activity. The position of the “Bubble” on each of the Performance / Risk Classification charts
axis’s is driven by the change in the level of the momentum of a company’s digital activity
(percentage of up days vs. down days over the time period) and change in the company’s Market /
Sector Share of the total peer group digital activity (company’s percentage share of the sector /
peer group’s total digital activity) over time. As an example, while the individual US based divisions
of Fiat (Chrysler, Jeep, Dodge), have performed well over the time period, the significant reduction
in performance of Fiat, as highlighted in Table 7, has reduced the overall market share and
momentum of the group. Observe the reduced size of the Fiat “Bubble” and the movement from
Risk Tier 2 (High Market Share Growth & Low Momentum) to Risk Tier 4 (Low Market Share Growth
& Low Momentum). For Fiat, Sector / Market Share Growth has declined significantly over the time
period, while Company Activity / Momentum has remained stagnant in comparison to other sector
/ peer group companies.
Figure 1a: Auto Manufacturers - Performance / Risk Classification by company Digital Activity growth and
sector share as at the beginning of a twelve month period (1)
1. Please note: Data included in this and other figures is illustrative and does not reflect specific measures and/or timeframes
16. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 16
Figure 1b: Auto Manufacturers - Performance / Risk Classification by company Digital Activity
growth and sector share at the end of a twelve month period(1)
1. Please note: Data included in this and other figures is illustrative and does not reflect specific measures and/or timeframes
Additionally, the availability of digital activity data at the subsidiary, operating group levels and
broader company levels (e.g., from Jeep.com, to Chrysler to the Fiat holding company level), allows
for the comparison of market players to their competitors and to themselves over time, further
enhancing risk analysis insight and capability.
7.3 Integrating Country Exposure Risk with Company Risk
Knowing the variety of sources and varying strengths of a company’s digital activity across the
organization can provide further insight into the analysis of changes in performance and
consequent risk across a company, sector and/or country. For example, rather than simply applying
a company’s country of domicile and/or sovereign risk rating within the risk adjudication process,
knowing the country(ies) of origin of a company’s digital activity can be used to determine the
appropriate Digital Activity Source Country Risk weighting (Please refer to the weighting example
in Table 5).
17. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 17
As an example, while Chrysler had positive momentum in India and China, during the first quarter,
the level of growth plateaued during the remainder of the time period. Additionally growth fell
steadily in Brazil across the time period, which is reflective of the overall decline in the Brazilian
economy. However, as it does not make up a significant percentage of Chryslers overall activity
and performance, it will have a lesser impact on Chrysler’s overall credit quality and risk.
Figure 2: Chrysler Digital Activity and performance across the “BRIC” Countries (Brazil, China,
India & Russia) over a 12 month period (1)
1. Please note: Data included in this and other tables is illustrative and does not reflect specific measures and/or timeframes
However, given the recent economic situation, the increasing levels of activity from Russia maybe
under threat and may create a significant downturn in Chrysler’s near term performance and
potential near term credit and/or exposure risk.
8. Default Correlations
Analyzing the correlation between digital data and default performance can be useful as default
correlations are higher for firms within the same industry or in the same country (or region) than
for firms in unrelated industries or sectors. Correlations also vary with the relative state of the
economy in the business cycle. If there is a slowdown in the economy (or a recession) then most of
the assets of the obligors will decline in value and quality with the likelihood of multiple defaults
increasing substantially. The opposite happens when the economy is performing well with default
correlations going down. Thus, we cannot expect default and migration probabilities to stay
stationary over time.
18. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 18
The impact of correlations on risk is quite large. It is larger for portfolios with relatively low-grade
credit quality than it is for high-grade portfolios. Indeed, as the credit quality of the portfolio
deteriorates and the expected number of defaults increases, this number is magnified by an
increase in default correlations. Multi-factor analysis can be used to reduce the dimensionality of
estimation correlations. This approach maps each obligor to the countries and industries that are
most likely to determine its performance.
Default correlations can be derived from asset returns correlations. Asset return correlations are
not directly observable and therefore equity return correlations is used as a proxy. For example,
CreditMetrics makes use of equity returns as their proxy. CreditMetrics estimates the correlations
between the equity returns of various obligors. The correlations between changes in credit quality
can be inferred directly from the joint distribution of these equity returns. In a similar manner, we
can use the correlations between the digital activity measures and signals to support conclusions
about asset return correlations.
Equity returns are correlated to the extent that firms are exposed to the same industries and
countries. Yet using equity returns in this way is equivalent to assuming that all the firm’s activities
are financed by means of equity. This is a major drawback of the approach, especially when it is
being applied to highly leveraged companies. For those companies, equity returns are substantially
more volatile, and possibly less stationary, than the volatility of the firm’s assets.
This final step combines assessments of the health of the industry (i.e., industry rating) and the
position of a business within its industry (i.e., tier rating). The process reveals the vulnerability of a
company, particularly during recessions. Low quartile competitors within an industry class almost
always have higher risk (modified by the relative health of the industry).
Utilizing digital activity measures to supplement, complement and enhance traditional internal and
3rd party data sources and models within the risk adjudication process provides additional insight
into risk adjusted return performance as well as concentration risk measures such as correlations
when analyzing companies, industries and countries.
The traditional accounting approach is, in essence, backward looking. Past profits (or losses) are
calculated and analyzed, but future uncertainties are not measured at all. The end result is that
sometimes a major component of profitability does not appear in any consistent way in the
financial reports. Shareholders and financial analysts find it difficult to assess current and near term
performance, while regulators and rating agencies face problems when they try to determine the
riskiness of activities. Digital activity and its related indices are forward looking in contrast with
current historical accounting and performance data.
19. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 19
There is always a compromise between accuracy and sophistication, on the one hand, and
applicability and aggregation on the other. Digital activity data provides a new forward-looking
dimension. The ability to analyze and understand both the frequency and market reach of digital
activity consistently across organizations, sectors and countries provides additional insight into
optimal risk adjusted return strategies.
For any questions or requests for further information and/or discussion, please contact the authors:
Hugh Lloyd-Thomas, Advisory Board Member, Executive Vice President, Financial Services, Core2
Group, Mobile: 917-716-5973 Email: Hugh.Lloyd-Thomas@core2group.com
Bob Mark, Board of Directors & Advisory Board Member, Core2 Group, Mobile: 925-212-7348
Email: BobMark@blackdiamondrisk.com
20. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 20
1. Core2 Business Performance Measure Definitions and Applications:
1.1 Core2 (C2) Frequency
Definition
An aggregate count of internet request queries to a company’s set of domains on a given day.
These queries include any devices (servers, tablets, mobile, refrigerators, cars etc.) that use DNS
routing to produce these requests. C2Frequency is derived from all digital activity and is made up
of mobile, web4, web6, email and machine queries.
1.2 Core2 (C2) Reach
Definition
The count of unique “Recursive Resolvers” querying a company’s set of domains in a given day.
This is done by determining the number of recursive resolvers from which a query originated and
adding it to a list. A “Recursive Resolver” is a server that queries the “Authoritative Name Server”
to resolve a domain/ address request i.e., the Recursive Resolver identifies and routes queries to
the end server(s) where the information being sought ultimately resides. “Recursive Resolvers” and
systems are used by Internet Service Providers (ISP’s) to improve their efficiency and processing
speed. Each day, the list is purged and restarted, resulting in the number of daily unique recursive
resolvers. The larger the number of “Recursive Resolvers” processing domain/ address requests,
the broader the geographic spread of user activity. Growth over time in the number of Recursive
Resolvers is also indicative of end user / account numbers and expansion.
1.3 Core2 (C2) Business Performance Index (BPI)*
Definition
The C2 BPI is derived from a measure of a company’s online business activity. The C2 BPI is an
index of relative performance of the company, acting like a score for performance. C2 BPI allows
for comparison of business health over time as well as easy comparisons between companies. This
index is highly correlated with stock price movement. This product is available by Country and
Sector.
Applications
Compare a company’s activity measures to identify drivers of positive or negative change.
Disparate patterns among the activity types provide an indication of performance. For example, a
consistent negative email signal paired with consistent positive web and machine signals indicates
negative future performance. Look at changes in C2BPI by Activity Type from different time
periods (28 days, 90 days, and 365 days) to identify growth or decline trends across time periods.
21. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 21
1.4 Core2 (C2) Country Momentum Index (CMI and CMI.GPS)
Definition
C2CMI measures a country’s total outbound digital activity and momentum as an indicator of near
term and future economic direction. C2CMI.GPS is a directional indicator, highlighting short-term
trajectory changes in momentum that are predictive of longer-term trends. Both indices are
centered on 1,000 and available for all countries.
Applications
Use C2CMI to compare country growth and performance. Create a C2CMI.GPS to C2CMI ratio to
identify future growth or decline of C2CMI and its magnitude compared to previous changes. If
the ratio equals 1, there will be no change in C2CMI in the future. If the ratio is less than 1, it
indicates future decline, and if the ratio is greater than 1, it indicates future growth. Look at
changes in C2CMI.GPS to identify growth or decline trends across time periods. Additionally, both
measures can be used to compare against other countries.
1.5 Core2 (C2) Sector Momentum Index (SMI and SMI.GPS)
Definition
C2SMI provides insights into the inbound digital activity of key economic sectors and industries
based on the aggregate activity of listed equities. C2SMI.GPS is a directional indicator, highlighting
short-term trajectory changes in momentum that are predictive of longer-term trends. Both
indices are centered on 1,000, and providing insights into expanding and/or declining sectors
within a country as well as insights into near term and future sector direction.
Applications
Use C2SMI to compare sector performance within a specified country in order to understand
drivers of growth or decline within the economy. Create a C2SMI.GPS to C2SMI ratio in order to
identify future growth or decline of sectors and its magnitude compared to previous changes. If
the ratio equals 1, there will be no change in C2SMI in the future. If the ratio is less than 1, it
indicates future decline, and if the ratio is greater than 1, it indicates future growth. Look at
changes in C2SMI from different time periods (28 days, 90 days, and 365 days) to identify growth
or decline trends across time periods. Additionally, both measures can be used to compare
against other competitors or other countries.
22. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 22
2. Author Biographies
Dr. Robert Mark
Board of Directors & Advisory Board Member, Core2 Group
Founding Managing Partner of Black Diamond Risk Enterprises
Dr. Robert M. Mark is the Founding Managing Partner of Black Diamond Risk
Enterprises, which provides corporate governance, risk management consulting,
risk software tools and transaction services. He has led Treasury/Trading activities as well as Risk
Management functions at Tier 1 banks. Dr. Mark is the Founding Executive Director of the Masters
of Financial Engineering (MFE) Program at the UCLA Anderson School of Management and served
as a Risk Advisory Director for the Entergy Koch energy trading company. He was awarded the
Financial Risk Manager of the Year by the Global Association of Risk Professionals (GARP). He is a
Cofounder of the Professional Risk Managers’ International Association (PRMIA).
Prior to his current position, he was the Corporate Treasurer and Chief Risk Officer (CRO) at the
Canadian Imperial Bank of Commerce (CIBC). He was a Senior Executive Vice President and
member of the Management Committee at CIBC. Dr. Mark’s global responsibility covered all credit,
market, and operating risks for all of CIBC as well as for its subsidiaries.
Prior to CIBC, he was the partner in charge of the Financial Risk Management Consulting practice
at C&L (now PwC) .The Risk Management Practice advised clients on risk management issues and
was directed toward financial institutions and multi-national corporations. Prior to his position at
C&L, he was a managing director at Chemical Bank (now JPMC). His responsibilities encompassed
risk management, asset/liability management, research (quantitative analysis), strategic planning
and analytical systems. He served on the Senior Credit Committee. Before he joined Chemical
Bank, he was a senior officer at HSBC where he headed the technical analysis trading group.
He earned his Ph.D., with a dissertation in options pricing, from NYU Graduate School of
Engineering and Science, graduating first in his class. Subsequently, he received an APC in
accounting from NYU’s Graduate School of Business, and graduated from the Harvard Business
School Advanced Management Program. He is an Adjunct Professor and co-author of Risk
Management -McGraw-Hill (2001), The Essentials of Risk Management – (EoRM) -McGraw Hill
(2006) and an updated 2nd version of the EoRM-McGraw Hill (2013). Dr. Mark served on the
boards of ISDA, Fields Institute for Research in Mathematical Sciences, IBM’s Deep Computing
Institute, PRMIA as well as Chairperson of National Asset/Liability Management Association
(NALMA).
23. Core2 Group, Inc. Confidential and Proprietary. Do not copy or distribute. 23
Hugh Lloyd-Thomas
Advisory Board Member, Core2 Group
Executive Vice President, Financial Services, Core2 Group
Hugh brings over 25 years of experience in US, European, and Asia Pacific
financial services markets, developing and delivering innovative and disruptive
credit risk and marketing data, predictive analytic solutions and strategies that
create competitive advantage and profitability for both clients and partners.
Prior to joining Core2 Group, Hugh was a Senior Partner at FICO through the acquisition of
InfoCentricity. Prior to InfoCentricity, Hugh was Group VP, Consumer & Small Business Credit at IXI
Services, (acquired by Equifax in 2009) and was responsible for the launch, development and
management of the Credit Sector and solutions. Previously, Hugh held domestic and international
strategic account management roles with FICO for major clients including Citibank, American
Express and JPMorgan Chase. Hugh also held senior manager positions in the financial services
consulting groups at Ernst & Young and Price Waterhouse. Hugh has a Commerce degree from
the University of Melbourne (Australia), Post Graduate studies in Finance from the University of
Technology Sydney (Australia), and is a Senior Associate with the Australian Institute of Bankers.