Risk that can be put into numbers is easy to manage; risk that resists numbers is easy to overlook. Value at Risk (VaR) expresses a loss ceiling for ordinary times in a single figure, yet it lets the extreme events in the tail slip past. Much of compliance risk belongs precisely to the side that slips past. This piece draws the line between measurable and unmeasurable risk, and sorts out why materials review becomes the guardian of the latter.

01 The Comfort of Measurable Risk, and Its Limits

VaR is a tool that folds into a single number the statement, “over a given period, at a given confidence level, the loss will not exceed this amount.” For example, one can say, “on 99% of days, the loss stays within X yen.” In domains like market risk, where past data are abundant and the distribution is stable, it works powerfully. Once a number appears, both management and the front line feel reassured.

The problem is that this reassurance says nothing about the remaining 1%. VaR shows the probability of not crossing a threshold, but not how far the loss swells once that threshold is crossed. The more precisely you draw the inside of the 99%, the more the outer 1% falls out of view. The very presence of a number conceals the most dangerous region. There is a structure here: the further the management of measurable risk advances, the more unmeasurable risk is pushed, by comparison, into the blind spot.
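The blind spot described above, as an added illustration that is not part of the original piece: two constructed loss histories report the same 99% VaR, yet their worst 1% of days differ by orders of magnitude. The figures, the historical-simulation method, and the names `tail_profile`, `BOOK_A` and `BOOK_B` are assumptions made for this example.

```python
def tail_profile(losses, confidence_pct=99):
    """Historical-simulation VaR plus what lies beyond it.

    VaR is the largest loss among the best `confidence_pct` percent of days;
    the remaining days form the tail that the VaR figure does not describe.
    """
    ordered = sorted(losses)
    n = len(ordered)
    tail_days = n * (100 - confidence_pct) // 100
    if tail_days == 0:
        # With too few observations the tail is simply not in the sample.
        raise ValueError("too few observations to see the tail at this level")
    tail = ordered[n - tail_days:]
    return {
        "var": ordered[n - tail_days - 1],      # the reported ceiling
        "tail_mean": sum(tail) / len(tail),     # average loss once it is crossed
        "worst": tail[-1],                      # the single worst day
    }


# Constructed data (units arbitrary): 990 ordinary days shared by both books.
ORDINARY = [(i % 90) + 1 for i in range(990)]

# Book A: the ten worst days sit just beyond the threshold.
BOOK_A = ORDINARY + [100 + j for j in range(10)]

# Book B: nine mild exceedances and one day that dwarfs everything else.
BOOK_B = ORDINARY + [100] * 9 + [5000]


if __name__ == "__main__":
    for name, book in (("A", BOOK_A), ("B", BOOK_B)):
        p = tail_profile(book)
        print(f"book {name}: VaR99={p['var']}  "
              f"tail mean={p['tail_mean']}  worst={p['worst']}")
```

Both books show the same number to management; only a look past the threshold separates them.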

02 It Is the Tail That Falls — Tail Risk and “No Problems in the Past”

For a deviation in materials or damage to reputation, the scale of a single hit matters more than the statistics of frequency. Most of the time, almost nothing happens. But once it does, it strikes licenses, trust, and the share price all at once. This is tail risk — the low-frequency, high-severity type. Average the probability of occurrence into a mean, and this character disappears.

The phrase to be most wary of on the review floor belongs right here. The reasoning “there have been no problems so far, so it is fine” is the very argument that overlooks the tail. No problems having appeared may mean only that the tail has not yet been drawn. Because the event is rare, a track record accumulates, and that record dulls one’s sensitivity to risk instead. The moment a past free of incidents is reread as a source of reassurance, the guard against the tail loosens.

03 Risk and Uncertainty Are Distinct — Knight’s Distinction

The economist Frank Knight separated “risk,” where the probability distribution is known, from “uncertainty,” where the distribution itself is unknown. What VaR presupposes is the former. It estimates a distribution from past data and computes losses according to that distribution. But for events whose distribution does not hold steady, this premise breaks down.

Compliance events lie precisely on the side where the distribution does not hold steady. Regulation, public opinion, and commercial custom all move, and a simple extrapolation of past data does not work. Apply the tools of “countable risk” to “uncountable uncertainty,” and the number that emerges grants a false sense of safety. Being measurable and not happening are two different things. Hold this distinction, and you see that the region without numbers is the very core of management.

VaR: A loss ceiling for ordinary times, in one number
  Shows “on 99% of days, the loss is within X yen.” Strong for market risk with a stable distribution. But it says nothing of the scale beyond the threshold.

Tail risk: The low-frequency, high-severity tail
  Looks like zero most of the time, then tilts the whole company in one stroke. Materials deviation and reputational damage are this type. Average it out, and the character vanishes.

Uncertainty (Knight): The distribution itself is unknown
  A region to which no probability can be assigned. For compliance events, regulation and opinion both move, and extrapolation of past data fails.

04 How to Handle the Unmeasurable — Where Materials Review Stands

Not being quantifiable does not mean it needs no management. The region without numbers is supplemented by scenario analysis, by imagining what happens when a premise collapses, and by stress thinking. It is the work of pinning down in words “what happens if this premise fails.” Even when no probability can be produced, the outline of what could happen can still be drawn.

Materials review is the embodiment of this preparedness for unmeasurable risk. Inspecting materials before they go out and stopping a deviation is the work of cutting off the tail before it becomes real. One could say that review, on the front line, carries the operational side of the board’s duty to decide on building an internal control system (The Board’s View, Vol. 6). If you can say not “it is safe because no number has appeared” but “precisely because this is a region where no number appears, we protect it through review,” then review takes its place in management as the function that fills the blank in measurement. Only when someone watches the tail that VaR cannot draw does company-wide risk management close.

Key Points — Four to Take Away
  1. VaR shows a loss ceiling for ordinary times, but says nothing of the scale of the tail beyond the threshold. The very presence of a number creates a blind spot.
  2. Knight’s distinction — “risk,” with a known distribution, and “uncertainty,” with an unknown one, are different things. Compliance events are the latter, where extrapolating past data is dangerous.
  3. Compliance risk is the low-frequency, large-scale tail type. “No problems in the past” is not a source of reassurance but a warning sign.
  4. Risk that cannot be quantified is supplemented by scenario analysis and stress thinking. Materials review is the function that cuts off that unmeasurable tail before release.
Sources & References
  1. Knight, Frank H. Risk, Uncertainty and Profit (1921). Distinguishes “risk,” where the probability distribution is known, from “uncertainty,” where the distribution itself is unknown; the original source for Knight’s distinction in this piece.
  2. ISO. ISO 31000:2018, Risk management — Guidelines (risk analysis and risk evaluation). Sets out the process of identifying, analyzing, evaluating, and treating risk, bringing the evaluation of non-quantifiable risk within its scope as well.
  3. COSO. Enterprise Risk Management — Integrating with Strategy and Performance (COSO ERM 2017). Combines quantitative and qualitative evaluation with scenario analysis, presenting a framework that ties uncertainty to strategy.