In financial mathematics and financial risk management, Value at Risk (VaR) is a widely used risk measure of the risk of loss on a specific portfolio of financial assets. For a given portfolio, probability and time horizon, VaR is defined as a threshold value such that the probability that the mark-to-market loss on the portfolio over the given time horizon exceeds this value (assuming normal markets and no trading in the portfolio) is the given probability level.[1]
For example, if a portfolio of stocks has a one-day 5% VaR of $1 million, there is a 0.05 probability that the portfolio will fall in value by more than $1 million over a one day period if there is no trading. Informally, a loss of $1 million or more on this portfolio is expected on 1 day in 20. A loss which exceeds the VaR threshold is termed a “VaR break.”[2] Thus, VaR is a piece of jargon favored in the financial world for a percentile of the predictive probability distribution for the size of a future financial loss.
VaR has five main uses in finance: risk management, risk measurement, financial control, financial reporting and computing regulatory capital. VaR is sometimes used in non-financial applications as well.[3]
Important related ideas are economic capital, backtesting, stress testing, expected shortfall, and tail conditional expectation.[4]
Contents |
Common parameters for VaR are 1% and 5% probabilities and one day and two week horizons, although other combinations are in use.[5]
The reason for assuming normal markets and no trading, and to restricting loss to things measured in daily accounts, is to make the loss observable. In some extreme financial events it can be impossible to determine losses, either because market prices are unavailable or because the loss-bearing institution breaks up. Some longer-term consequences of disasters, such as lawsuits, loss of market confidence and employee morale and impairment of brand names can take a long time to play out, and may be hard to allocate among specific prior decisions. VaR marks the boundary between normal days and extreme events. Institutions can lose far more than the VaR amount; all that can be said is that they will not do so very often.[6]
The probability level is about equally often specified as one minus the probability of a VaR break, so that the VaR in the example above would be called a one-day 95% VaR instead of one-day 5% VaR. This generally does not lead to confusion because the probability of VaR breaks is almost always small, certainly less than 0.5.[1]
Although it virtually always represents a loss, VaR is conventionally reported as a positive number. A negative VaR would imply the portfolio has a high probability of making a profit, for example a one-day 5% VaR of negative $1 million implies the portfolio has a 5% chance of making more than $1 million over the next day.[7]
Another inconsistency is VaR is sometimes taken to refer to profit-and-loss at the end of the period, and sometimes as the maximum loss at any point during the period. The original definition was the latter, but in the early 1990s when VaR was aggregated across trading desks and time zones, end-of-day valuation was the only reliable number so the former became the de facto definition. As people began using multiday VaRs in the second half of the 1990s they almost always estimated the distribution at the end of the period only. It is also easier theoretically to deal with a point-in-time estimate versus a maximum over an interval. Therefore the end-of-period definition is the most common both in theory and practice today.[8]
The definition of VaR is nonconstructive; it specifies a property VaR must have, but not how to compute VaR. Moreover, there is wide scope for interpretation in the definition.[9] This has led to two broad types of VaR, one used primarily in risk management and the other primarily for risk measurement. The distinction is not sharp, however, and hybrid versions are typically used in financial control, financial reporting and computing regulatory capital.[10]
To a risk manager, VaR is a system, not a number. The system is run periodically (usually daily) and the published number is compared to the computed price movement in opening positions over the time horizon. There is never any subsequent adjustment to the published VaR, and there is no distinction between VaR breaks caused by input errors (including Information Technology breakdowns, fraud and rogue trading), computation errors (including failure to produce a VaR on time) and market movements.[11]
A frequentist claim is made, that the long-term frequency of VaR breaks will equal the specified probability, within the limits of sampling error, and that the VaR breaks will be independent in time and independent of the level of VaR. This claim is validated by a backtest, a comparison of published VaRs to actual price movements. In this interpretation, many different systems could produce VaRs with equally good backtests, but wide disagreements on daily VaR values.[1]
For risk measurement a number is needed, not a system. A Bayesian probability claim is made, that given the information and beliefs at the time, the subjective probability of a VaR break was the specified level. VaR is adjusted after the fact to correct errors in inputs and computation, but not to incorporate information unavailable at the time of computation.[7] In this context, “backtest” has a different meaning. Rather than comparing published VaRs to actual market movements over the period of time the system has been in operation, VaR is retroactively computed on scrubbed data over as long a period as data are available and deemed relevant. The same position data and pricing models are used for computing the VaR as determining the price movements.[2]
Although some of the sources listed here treat only one kind of VaR as legitimate, most of the recent ones seem to agree that risk management VaR is superior for making short-term and tactical decisions today, while risk measurement VaR should be used for understanding the past, and making medium term and strategic decisions for the future. When VaR is used for financial control or financial reporting it should incorporate elements of both. For example, if a trading desk is held to a VaR limit, that is both a risk-management rule for deciding what risks to allow today, and an input into the risk measurement computation of the desk’s risk-adjusted return at the end of the reporting period.[4]
An interesting takeoff on VaR is its application in Governance for endowments, trusts, and pension plans. Essentially trustees adopt portfolio Values-at-Risk metrics for the entire pooled account and the diversified parts individually managed. Instead of probability estimates they simply define maximum levels of acceptable loss for each. Doing so provides an easy metric for oversight and adds accountability as managers are then directed to manage, but with the additional constraint to avoid losses within a defined risk parameter. VaR utilized in this manner adds relevance as well as an easy to monitor risk measurement control far more intuitive than Standard Deviation of Return. Use of VaR in this context, as well as a worthwhile critique on board governance practices as it relates to investment management oversight in general can be found in 'Best Practices in Governance".[12]
"Given some confidence level the VaR of the portfolio at the confidence level is given by the smallest number such that the probability that the loss exceeds is not larger than "[3]
The left equality is a definition of VaR. The right equality assumes an underlying probability distribution, which makes it true only for parametric VaR. Risk managers typically assume that some fraction of the bad events will have undefined losses, either because markets are closed or illiquid, or because the entity bearing the loss breaks apart or loses the ability to compute accounts. Therefore, they do not accept results based on the assumption of a well-defined probability distribution.[6] Nassim Taleb has labeled this assumption, "charlatanism."[13] On the other hand, many academics prefer to assume a well-defined distribution, albeit usually one with fat tails.[1] This point has probably caused more contention among VaR theorists than any other.[9]
The term “VaR” is used both for a risk measure and a risk metric. This sometimes leads to confusion. Sources earlier than 1995 usually emphasize the risk measure, later sources are more likely to emphasize the metric.
The VaR risk measure defines risk as mark-to-market loss on a fixed portfolio over a fixed time horizon, assuming normal markets. There are many alternative risk measures in finance. Instead of mark-to-market, which uses market prices to define loss, loss is often defined as change in fundamental value. For example, if an institution holds a loan that declines in market price because interest rates go up, but has no change in cash flows or credit quality, some systems do not recognize a loss. Or we could try to incorporate the economic cost of things not measured in daily financial statements, such as loss of market confidence or employee morale, impairment of brand names or lawsuits.[4]
Rather than assuming a fixed portfolio over a fixed time horizon, some risk measures incorporate the effect of expected trading (such as a stop loss order) and consider the expected holding period of positions. Finally, some risk measures adjust for the possible effects of abnormal markets, rather than excluding them from the computation.[4]
The VaR risk metric summarizes the distribution of possible losses by a quantile, a point with a specified probability of greater losses. Common alternative metrics are standard deviation, mean absolute deviation, expected shortfall and downside risk.[1]
Supporters of VaR-based risk management claim the first and possibly greatest benefit of VaR is the improvement in systems and modeling it forces on an institution. In 1997, Philippe Jorion wrote:[14]
[T]he greatest benefit of VAR lies in the imposition of a structured methodology for critically thinking about risk. Institutions that go through the process of computing their VAR are forced to confront their exposure to financial risks and to set up a proper risk management function. Thus the process of getting to VAR may be as important as the number itself.
Publishing a daily number, on-time and with specified statistical properties holds every part of a trading organization to a high objective standard. Robust backup systems and default assumptions must be implemented. Positions that are reported, modeled or priced incorrectly stand out, as do data feeds that are inaccurate or late and systems that are too-frequently down. Anything that affects profit and loss that is left out of other reports will show up either in inflated VaR or excessive VaR breaks. “A risk-taking institution that does not compute VaR might escape disaster, but an institution that cannot compute VaR will not.” [15]
The second claimed benefit of VaR is that it separates risk into two regimes. Inside the VaR limit, conventional statistical methods are reliable. Relatively short-term and specific data can be used for analysis. Probability estimates are meaningful, because there are enough data to test them. In a sense, there is no true risk because you have a sum of many independent observations with a left bound on the outcome. A casino doesn't worry about whether red or black will come up on the next roulette spin. Risk managers encourage productive risk-taking in this regime, because there is little true cost. People tend to worry too much about these risks, because they happen frequently, and not enough about what might happen on the worst days.[16]
Outside the VaR limit, all bets are off. Risk should be analyzed with stress testing based on long-term and broad market data.[17] Probability statements are no longer meaningful.[18] Knowing the distribution of losses beyond the VaR point is both impossible and useless. The risk manager should concentrate instead on making sure good plans are in place to limit the loss if possible, and to survive the loss if not.[1]
One specific system uses three regimes.[19]
"A risk manager has two jobs: make people take more risk the 99% of the time it is safe to do so, and survive the other 1% of the time. VaR is the border."[15]
The VaR risk measure is a popular way to aggregate risk across an institution. Individual business units have risk measures such as duration for a fixed income portfolio or beta for an equity business. These cannot be combined in a meaningful way.[1] It is also difficult to aggregate results available at different times, such as positions marked in different time zones, or a high frequency trading desk with a business holding relatively illiquid positions. But since every business contributes to profit and loss in an additive fashion, and many financial businesses mark-to-market daily, it is natural to define firm-wide risk using the distribution of possible losses at a fixed point in the future.[4]
In risk measurement, VaR is usually reported alongside other risk metrics such as standard deviation, expected shortfall and “greeks” (partial derivatives of portfolio value with respect to market factors). VaR is a distribution-free metric, that is it does not depend on assumptions about the probability distribution of future gains and losses.[15] The probability level is chosen deep enough in the left tail of the loss distribution to be relevant for risk decisions, but not so deep as to be difficult to estimate with accuracy.[20]
VaR can be estimated either parametrically (for example, variance-covariance VaR or delta-gamma VaR) or nonparametrically (for examples, historical simulation VaR or resampled VaR).[4][6] Nonparametric methods of VaR estimation are discussed in Markovich [21] and Novak.[22]
The problem of risk measurement is an old one in statistics, economics and finance. Financial risk management has been a concern of regulators and financial executives for a long time as well. Retrospective analysis has found some VaR-like concepts in this history. But VaR did not emerge as a distinct concept until the late 1980s. The triggering event was the stock market crash of 1987. This was the first major financial crisis in which a lot of academically-trained quants were in high enough positions to worry about firm-wide survival.[1]
The crash was so unlikely given standard statistical models, that it called the entire basis of quant finance into question. A reconsideration of history led some quants to decide there were recurring crises, about one or two per decade, that overwhelmed the statistical assumptions embedded in models used for trading, investment management and derivative pricing. These affected many markets at once, including ones that were usually not correlated, and seldom had discernible economic cause or warning (although after-the-fact explanations were plentiful).[18] Much later, they were named "Black Swans" by Nassim Taleb and the concept extended far beyond finance.[23]
If these events were included in quantitative analysis they dominated results and led to strategies that did not work day to day. If these events were excluded, the profits made in between "Black Swans" could be much smaller than the losses suffered in the crisis. Institutions could fail as a result.[15][18][23]
VaR was developed as a systematic way to segregate extreme events, which are studied qualitatively over long-term history and broad market events, from everyday price movements, which are studied quantitatively using short-term data in specific markets. It was hoped that "Black Swans" would be preceded by increases in estimated VaR or increased frequency of VaR breaks, in at least some markets. The extent to which this has proven to be true is controversial.[18]
Abnormal markets and trading were excluded from the VaR estimate in order to make it observable.[16] It is not always possible to define loss if, for example, markets are closed as after 9/11, or severely illiquid, as happened several times in 2008.[15] Losses can also be hard to define if the risk-bearing institution fails or breaks up.[16] A measure that depends on traders taking certain actions, and avoiding other actions, can lead to self reference.[1]
This is risk management VaR. It was well established in quantative trading groups at several financial institutions, notably Bankers Trust, before 1990, although neither the name nor the definition had been standardized. There was no effort to aggregate VaRs across trading desks.[18]
The financial events of the early 1990s found many firms in trouble because the same underlying bet had been made at many places in the firm, in non-obvious ways. Since many trading desks already computed risk management VaR, and it was the only common risk measure that could be both defined for all businesses and aggregated without strong assumptions, it was the natural choice for reporting firmwide risk. J. P. Morgan CEO Dennis Weatherstone famously called for a “4:15 report” that combined all firm risk on one page, available within 15 minutes of the market close.[9]
Risk measurement VaR was developed for this purpose. Development was most extensive at J. P. Morgan, which published the methodology and gave free access to estimates of the necessary underlying parameters in 1994. This was the first time VaR had been exposed beyond a relatively small group of quants. Two years later, the methodology was spun off into an independent for-profit business now part of RiskMetrics Group.[9]
In 1997, the U.S. Securities and Exchange Commission ruled that public corporations must disclose quantitative information about their derivatives activity. Major banks and dealers chose to implement the rule by including VaR information in the notes to their financial statements.[1]
Worldwide adoption of the Basel II Accord, beginning in 1999 and nearing completion today, gave further impetus to the use of VaR. VaR is the preferred measure of market risk, and concepts similar to VaR are used in other parts of the accord.[1]
VaR has been controversial since it moved from trading desks into the public eye in 1994. A famous 1997 debate between Nassim Taleb and Philippe Jorion set out some of the major points of contention. Taleb claimed VaR:[24]
More recently David Einhorn and Aaron Brown debated VaR in Global Association of Risk Professionals Review[15][25] Einhorn compared VaR to “an airbag that works all the time, except when you have a car accident.” He further charged that VaR:
New York Times reporter Joe Nocera wrote an extensive piece Risk Mismanagement[26] on January 4, 2009 discussing the role VaR played in the Financial crisis of 2007-2008. After interviewing risk managers (including several of the ones cited above) the article suggests that VaR was very useful to risk experts, but nevertheless exacerbated the crisis by giving false security to bank executives and regulators. A powerful tool for professional risk managers, VaR is portrayed as both easy to misunderstand, and dangerous when misunderstood.
A common complaint among academics is that VaR is not subadditive.[4] That means the VaR of a combined portfolio can be larger than the sum of the VaRs of its components. To a practising risk manager this makes sense. For example, the average bank branch in the United States is robbed about once every ten years. A single-branch bank has about 0.0004% chance of being robbed on a specific day, so the risk of robbery would not figure into one-day 1% VaR. It would not even be within an order of magnitude of that, so it is in the range where the institution should not worry about it, it should insure against it and take advice from insurers on precautions. The whole point of insurance is to aggregate risks that are beyond individual VaR limits, and bring them into a large enough portfolio to get statistical predictability. It does not pay for a one-branch bank to have a security expert on staff.
As institutions get more branches, the risk of a robbery on a specific day rises to within an order of magnitude of VaR. At that point it makes sense for the institution to run internal stress tests and analyze the risk itself. It will spend less on insurance and more on in-house expertise. For a very large banking institution, robberies are a routine daily occurrence. Losses are part of the daily VaR calculation, and tracked statistically rather than case-by-case. A sizable in-house security department is in charge of prevention and control, the general risk manager just tracks the loss like any other cost of doing business.
As portfolios or institutions get larger, specific risks change from low-probability/low-predictability/high-impact to statistically predictable losses of low individual impact. That means they move from the range of far outside VaR, to be insured, to near outside VaR, to be analyzed case-by-case, to inside VaR, to be treated statistically.[15]
Even VaR supporters generally agree there are common abuses of VaR:[6][9]
|