Example: Board Risk Reporting


Transcript Example: Board Risk Reporting

Working with your Board to
Improve Risk Management and
Board Risk Oversight
Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University
Arya Yarpezeshkan – CRO at the Navigator’s Group
Joe Pugh – Sr. Advisor, ERM at AARP
Recording of this session via any media type is strictly prohibited.
Page 1
Presenters
• Paul Walker, Ph.D., CPA
Schiro/Zurich Chair in ERM, St. John’s University
• Arya Yarpezeshkan
Chief Risk Officer, The Navigator’s Group
• Joe Pugh
Senior Advisor, ERM, AARP
Page 2
Top Issues for Boards
• Board top issues:
– Risk oversight
– Strategic risks
• Investors want more information on strategy and risk oversight (what the board is thinking)
Page 3
SEC 2014 National Exam Priorities
• Designed to:
– communicate with investors and registrants about areas that the staff perceives to have heightened risk
– and to support the Securities and Exchange Commission (“SEC”) mission to protect investors;
Page 4
SEC 2014 National Exam Priorities
• Corporate Governance, Conflicts of Interest, and Enterprise
Risk Management. The NEP will continue to meet with senior
management and boards of entities registered with the SEC,
including their affiliates where appropriate, to discuss how
each firm identifies and mitigates conflicts of interest and
legal, compliance, financial, and operational risks. This
initiative is designed to: (i) evaluate firms’ control
environment and “tone at the top,” (ii) understand firms’
approach to conflict and risk management, and (iii) initiate a
dialogue on key risks and regulatory requirements.
Page 5
What to Expect
• Strategies for working with your board
• Ways to present and report an integrated,
transparent view of your organization’s risks
• Ideas on improving and benchmarking risk
management and board risk oversight
Page 6
1. INTERNATIONAL SPECIALTY INSURANCE UNDERWRITER
2. FOCUSED ON MARINE, ENERGY, SPECIALTY CASUALTY,
AND D&O / PROFESSIONAL LIABILITY
3. ONE OF THE “100 MOST TRUSTWORTHY COMPANIES”
BY FORBES.COM
Page 7
Recommendation: Have a governance framework
that is appropriate and effective for your organization
Board of Directors – Risk Reporting
Group ERM Management Committee
– Governance & Compliance Risk Sub-Committee
– UW & Claims Risk Sub-Committee
– Finance Risk Sub-Committee
– Operations Risk Sub-Committee
Page 8
Recommendation: Clarify roles and responsibilities
Roles and Responsibilities
Oversight
Escalation
Coordination
Ownership
Assurance
Page 9
Recommendation: Provide the Appropriate
Information For the Board to Execute its Oversight
Duties
• Is the board receiving the information it needs to foster
effective risk oversight, or is it drowning in data providing little
knowledge or insight?
• Are we providing the appropriate information for the board to
determine if management is effectively managing risk?
• Is there sufficient agenda time for discussing the enterprise’s
risks?
Page 10
Recommendation: Know Your Audience
• Broad or narrow skill sets?
• Big picture or detail oriented?
Unsure of the appropriate level of detail? Then ask
them.
Page 11
Example: Board Risk Reporting
Agenda
1. Emerging risks and opportunities
2. Risk tolerances vs. actual
3. Key risks
4. Risk events
5. Appendix
Page 12
Example: Board Risk Reporting
Emerging Risk Summary
[Matrix: Potential Impact (vertical axis) against Time frame (horizontal axis: < 6 months, 6 m - 2 years, > 2 years)]
Potential Impact HIGH: Emerging Risk 1, Emerging Risk 4, Emerging Risk 6
Potential Impact MEDIUM: Emerging Risk 2, Emerging Risk 5, Emerging Risk 7
Potential Impact LOW: Emerging Risk 3
Risk Sub-Committee Owner (legend): UW & Claims; Finance; Operations; Compliance & Governance
Page 13
Example: Board Risk Reporting
Risk Tolerance Summary
Sample Risk Tolerances
Figures in (000s)
Columns: Tolerance (%, $); Q1 Risk Estimate (%, $); Q4 13 % of Tolerance; Q1 14 % of Tolerance
Tolerance Statements
Capital Management & Financial Performance
1. Maintain a maximum single risk net incurred loss tolerance < x% of shareholders’ equity
2. A single loss-producing event (natural or man-made catastrophe) will not generate net incurred loss of more than x% of shareholders’ equity, as measured at a 99.6th % exceedance probability (1-in-250 year).
3. Multiple loss-producing events within a single 12 month period will not generate net incurred loss of more than x% of shareholders’ equity, as measured at a 99.6% exceedance probability (1-in-250 year).
Investments
4. A single or combination of exogenous economic shocks will not result in a devaluation of invested assets greater than x%, in any continuous 12 month period or less, as measured at a 99.6% exceedance probability (1-in-250 year).
Underwriting Management
5. No single Division will constitute more than x% of our GWP in any single calendar year.
6. Maintain broad and deep intellectual capital in our underwriting units to ensure that business interruption from loss of key personnel cannot cause more than x% of lost GWP over the course of a single year.
Operational / Reputational
7. Business interruption (from external event, disruption to systems / premises) will be mitigated so that no more than x% of GWP is lost over the course of a year.
Page 14
Example: Board Risk Reporting
Capital Adequacy / Key Risks Summary
(in USD Mil)                                Q1 2014
Underwriting Risk                           xxx
Non-Nat Cat Risk                            xxx
Nat Cat Risk                                xxx
Reserve Risk                                xxx
Investment Risk                             xxx
Non-Investment Related Credit Risk          xxx
Operational Risk                            xxx
Total Risk (Before Diversification)         xxx
(less) Diversification Benefit              xx
Total Risk (After Diversification)          xxx
Policyholder Surplus                        xxx
Surplus : Risk Ratio                        xxx %
Page 15
Example: Board Risk Reporting
Key Risk Example: Investment Risk
Summary
Investment risk increased by xx% as a result of heightened volatility in the Treasury Markets; however, the risk is still within our tolerances.
Risk Drivers
Changes in the macro-economic environment, etc.
Quantification (Figures in (000s))
Period: Q4 13
Frequency: 1/100 yr
Severity, Minimum Case: $xx
Severity, Expected Case: $xx
Severity, Extreme Case (1/100 yr): $xx
SH Equity Tolerance (1/100 yr): $xx
% of Tolerance
Extreme Case - Methodology
Stochastically modeled. Investment data as of 9/30/2013.
Key Risk Indicators
…
Action Items
…
Page 16
Example: Board Risk Reporting
Key Risk Indicators – Detail in Appendix
Investment Key Risk Indicators
[Charts: Volatility of Expected Return by Risk Factor; Volatility at 99% VaR]
Global Financial Stress Scenarios
Column headings: Portfolio Impact %; Portfolio Impact $; Tolerance (x.x% of Invested Assets); Q4 2013 % of Tolerance; Q3 2013 % of Tolerance
Scenarios:
• Lehman Default - 2008
• Russian Financial Crisis - 2008
• Equities down 10%
• EUR down 10% vs. USD
• Oil Prices Drop - May 2010
• Japan Earthquake - Mar 2011
• Debt Ceiling Crisis & Downgrade 2011
• EUR up 10% vs. USD
• Equities up 10%
• Greece Financial Crisis - 2010
• Libya Oil Shock - Feb 2011
• Equity Markets Rebound - 2009
As of 9/30/2013
Page 17
Example: Board Risk Reporting
Emerging Risk – Detail in Appendix
Prolonged Power Blackout
Analysis
Description: Traditional loss scenarios only assume power blackouts for a few hours or days. However, space weather events or coordinated terror attacks could cause prolonged blackouts with significant impacts on society and industry. Critical infrastructure such as communication and transport would be hampered, heating and water supply would stop, and production processes and trading would seize.
Likelihood: Low
Severity: High
Time horizon: 6 m - 2 years (medium-term)
Trend: More likely.
Potential Impact (qualitative description): The event could impact multiple lines of business and cause significant supply chain disruptions.
Risk Drivers: Solar Storm events; Failing infrastructures; Cyber attacks
Management Analysis
Action Plans / Mitigation Strategies
Monitoring Controls
Applicable Entity
Controls Owner
Risk Category
Executive Owner
Board Committee Owner
Page 18
Takeaways
• Have a governance framework that is appropriate and
effective for your organization
• Clarify responsibilities
• Know your audience
• Use the Report Appendix to your advantage
The information presented herein is for informational purposes only and is not intended to be legal, accounting or other professional advice or opinions on
specific facts or matters, used for trading or investment purposes or a complete description of certain aspects of the business of Navigators and its
operating subsidiaries.
Page 19
1. SOCIAL MISSION ORGANIZATION
2. NON-PROFIT & NON-PARTISAN
3. FIGHTS FOR PEOPLE 50+
4. A TRUSTED SOURCE OF INFORMATION
5. OFFERS ACCESS TO PROGRAMS, SERVICES & DISCOUNTS
6. CONNECTS PEOPLE TO VOLUNTEER OPPORTUNITIES
Page 20
ERM at AARP
Program maturity
Modeling the message
Page 21
Recommendation: Assign ERM to the full board
and keep them focused
• Does the full board have primary governance
oversight?
• Is the full board focused on the top strategic
risks?
• Is the full board dealing with the details of how
management is managing the risks?
• Is the board’s role one of “risk” management or
“list” management?
Page 22
Recommendation: Include ERM on board
self-assessment
“Critical risks facing the organization are
proactively identified by management and fully
vetted with the board”
“An appropriate process is in place to effectively
manage each of the critical risk areas”
“The board holds management accountable for
effective ERM stewardship”
Page 23
Recommendation: Benchmark your program
• Boards like to know how your program stacks
up
• Is the board comfortable that you have an
effective program in place for managing risks?
– If not, share statistics
• Are we “right-sizing” the benchmarking data?
Page 24
Recommendation: Keep risk reporting simple
• Does the board have the right information for
effective risk oversight?
• Content over quantity
• Are we providing transparency and insight in
our risk reporting?
Page 25
Example: Board Risk Reporting
Agenda
1. Residual risk heat map
2. Summary risk profile scorecard
3. Individual risk mitigation scorecards
Page 26
Example: Board Risk Reporting
Page 27
Example: Board Risk Reporting
Page 28
Example: Board Risk Reporting
Sample Illustration Only
Page 29
Takeaways
• Assign ERM to the full board and keep them
focused
• Include ERM on board self-assessment
• Benchmark your program
• Keep risk reporting simple
Page 30
Board Risk Oversight Improvement
• ERM: required and also increases value,
lowers earnings volatility, leads to better
decisions, improves reputation…
• Governance metrics are used by analysts,
viewed by the market, bad/good news,
impact the ability to attract board members
• We have governance metrics and board
assessment but not BRO metrics or
assessment
Page 31
Board Risk Oversight Improvement
• Benchmark, review, improve ERM and BRO
• BRO Methods
– BRO assessment and self-assessment
– BRO metrics and questions
Page 32
Board Risk Oversight Improvement
• NACD 10
• Deloitte 20/21
• BRO 30 (Walker et al. 2012)
• RCC 27 (Walker et al. 2014)
Page 33
Board Risk Oversight Tool
In recent work the authors found that the number one tool used by
companies to manage risk is not some sophisticated modeling tool
or even a risk assessment exercise. Instead, the number one tool
preferred by many companies is to have a conversation about risks
with management, and with and among the board. The tool
presented here is not meant to replace that conversation, but
should be used to ignite that conversation.
For each question for which the board believes there is a lack of
consensus, the board should have a discussion about why they are
not following this practice. In some cases, the questions are rooted
in mandated regulations. In other cases, they are considered a best
practice by many companies and by the research team.
Page 34
Tool
• The board and the organization have a rigorous strategic plan which incorporates all major and emerging risks.
• The board is comfortable that management has identified all enterprise level risks.
• The board has a clearly defined risk oversight process and has clearly established risk responsibility.
• The organization has a CRO or ERM leader with direct line reporting to the board or a respective board committee.
• The board quarterly reviews risk maps, risk dashboards, or related risk reporting.
• The board and organization go beyond risk maps and generate risk action plans as well as related risk metrics.
• Corporate decision making includes a discussion of the potential risks embedded in those decisions.
• The organization is prepared for an S&P or Moody’s assessment of their ERM process.
• The board is informed of emerging risks on a timely basis.
• The board has received ERM training.
Page 35
Tool
• Executives openly share all risk information with board committees.
• The organization has had no major risk debacles in the past fiscal period.
• Executives and management level risk committees have adequate
resources and training to identify and manage risks.
• Important risk information is streamlined and reported to the appropriate
executives and board level committees promptly.
• ERM is viewed as a critical way to create value and grow the organization,
while taking the appropriate risks.
• The organization identifies the risks related to compensation plans.
• Performance is evaluated in relation to the risks taken in achieving that
performance.
• The organization views and assesses risk by business unit.
Page 36
Tool
• The board is engaged in the discussion of strategy and the related risks.
• The board includes some members who are experts in the organization’s
relevant risks or risk oversight.
• The board feels confident in the risk oversight process.
• The board examines its own talent for diversity of views and for the ability
to oversee risk.
• The board examines risks that management missed to determine if the
risk was not identified or if it was not assessed properly. The feedback is
used to manage future risks better.
• The board has good communication with the CEO on the risks facing the
enterprise (both current and emerging).
• The board and management regularly assess their ERM process.
Page 37
St John’s Univ/Tobin College of
Business
• MS Risk
• MS Enterprise Risk Management
• MBA/MS Acct with a conc. in Risk and ERM
• Center for Excellence in ERM
• Executive Education – Certificate in ERM
Booth _____
Page 38
Questions, Final Comments and
Contact Information
Paul Walker
Schiro/Zurich Chair of ERM, St. John’s University
[email protected]
(212) 284-7011
Arya Yarpezeshkan
Chief Risk Officer, The Navigator’s Group
[email protected]
(203) 905-6372
Joe Pugh
Senior Advisor, ERM, AARP
[email protected]
(202) 434-3647
Page 39