Value at Risk - Criticism

Criticism

VaR has been controversial since it moved from trading desks into the public eye in 1994. A famous 1997 debate between Nassim Taleb and Philippe Jorion set out some of the major points of contention. Taleb claimed VaR:

1. Ignored 2,500 years of experience in favor of untested models built by non-traders
2. Was charlatanism because it claimed to estimate the risks of rare events, which is impossible
3. Gave false confidence
4. Would be exploited by traders

More recently David Einhorn and Aaron Brown debated VaR in Global Association of Risk Professionals Review Einhorn compared VaR to “an airbag that works all the time, except when you have a car accident.” He further charged that VaR:

1. Led to excessive risk-taking and leverage at financial institutions
2. Focused on the manageable risks near the center of the distribution and ignored the tails
3. Created an incentive to take “excessive but remote risks”
4. Was “potentially catastrophic when its use creates a false sense of security among senior executives and watchdogs.”

New York Times reporter Joe Nocera wrote an extensive piece Risk Mismanagement on January 4, 2009 discussing the role VaR played in the Financial crisis of 2007-2008. After interviewing risk managers (including several of the ones cited above) the article suggests that VaR was very useful to risk experts, but nevertheless exacerbated the crisis by giving false security to bank executives and regulators. A powerful tool for professional risk managers, VaR is portrayed as both easy to misunderstand, and dangerous when misunderstood.

Taleb, in 2009, testified in Congress asking for the banning of VaR on two arguments, the first that "tail risks are non-measurable" scientifically and the second is that for anchoring reasons VaR for leading to higher risk taking.

A common complaint among academics is that VaR is not subadditive. That means the VaR of a combined portfolio can be larger than the sum of the VaRs of its components. To a practising risk manager this makes sense. For example, the average bank branch in the United States is robbed about once every ten years. A single-branch bank has about 0.0004% chance of being robbed on a specific day, so the risk of robbery would not figure into one-day 1% VaR. It would not even be within an order of magnitude of that, so it is in the range where the institution should not worry about it, it should insure against it and take advice from insurers on precautions. The whole point of insurance is to aggregate risks that are beyond individual VaR limits, and bring them into a large enough portfolio to get statistical predictability. It does not pay for a one-branch bank to have a security expert on staff.

As institutions get more branches, the risk of a robbery on a specific day rises to within an order of magnitude of VaR. At that point it makes sense for the institution to run internal stress tests and analyze the risk itself. It will spend less on insurance and more on in-house expertise. For a very large banking institution, robberies are a routine daily occurrence. Losses are part of the daily VaR calculation, and tracked statistically rather than case-by-case. A sizable in-house security department is in charge of prevention and control, the general risk manager just tracks the loss like any other cost of doing business.

As portfolios or institutions get larger, specific risks change from low-probability/low-predictability/high-impact to statistically predictable losses of low individual impact. That means they move from the range of far outside VaR, to be insured, to near outside VaR, to be analyzed case-by-case, to inside VaR, to be treated statistically.

Even VaR supporters generally agree there are common abuses of VaR:

1. Referring to VaR as a "worst-case" or "maximum tolerable" loss. In fact, you expect two or three losses per year that exceed one-day 1% VaR.
2. Making VaR control or VaR reduction the central concern of risk management. It is far more important to worry about what happens when losses exceed VaR.
3. Assuming plausible losses will be less than some multiple, often three, of VaR. The entire point of VaR is that losses can be extremely large, and sometimes impossible to define, once you get beyond the VaR point. To a risk manager, VaR is the level of losses at which you stop trying to guess what will happen next, and start preparing for anything.
4. Reporting a VaR that has not passed a backtest. Regardless of how VaR is computed, it should have produced the correct number of breaks (within sampling error) in the past. A common specific violation of this is to report a VaR based on the unverified assumption that everything follows a multivariate normal distribution.