Effective ERM Communication
Download
Report
Transcript Effective ERM Communication
ENTERPRISE RISK MANAGEMENT
FROM A RATING AGENCY PERSPECTIVE
2014 PAMIC Financial Management Seminar
Mark Murray
Senior Vice President
September 30, 2014
Agenda
Defining “E” RM
Evolution of ERM within the Rating Process
Effectively Communicating ERM
A.M. Best’s Current Views on ERM
GUY CARPENTER
July 17, 2015
1
A.M. Best’s Definition of “E” RM
GUY CARPENTER
July 17, 2015
2
Defining Enterprise Risk Management
ERM is the process through which insurers identify, quantify and manage risk on an
enterprise-wide, holistic basis
ERM takes into consideration the individual risks at hand, as well as any
correlations and inter-dependencies of risk across the entire organization
Insurers that create a more structured, integrated risk framework and apply it
prudently can:
— Increase the value of the firm
— Provide financial security to the organization
Source: A.M. Best
GUY CARPENTER
3
Practical Approach to Risk Management
Tailored to your business and risk profile
—
Process must fit your company, not the other way around
Function over form
— For some, traditional approach supplemented by an understanding of
how risks correlate
Flexible and adaptive to the changing business environment
—
Ongoing process…emerging risks…risk learning
A.M. Best does not and will not prescribe risk management processes
Source: A.M. Best
GUY CARPENTER
4
Enterprise Risk Management Framework
Culture
Measurement
Senior
Management
“E” RM and EC
Risk
Identification/
Management
Capital Management
Traditional Risk Management
Practices and Controls
Source: A.M. Best Risk Management and the Rating Process for Insurance Companies, April 2, 2013
GUY CARPENTER
July 17, 2015
5
Evolution of ERM within A.M. Best’s Rating Evaluation
GUY CARPENTER
July 17, 2015
6
Evolution of Risk Management Evaluation
How has A.M. Best’s process changed?
Rating committee discussion on risk management & impact on rating
— Risk Profile vs. Risk Management Capability
Added a new risk management section in the company reports
— Risk management
— Stress tests performed
— Investment risk management
— Cat exposure and management
GUY CARPENTER
7
Risk Management
Two key inputs for Rating Committee discussion:
Company’s
risk management
capability
Company’s
risk profile
Source: A.M. Best
GUY CARPENTER
8
Risk Management Impact
Risk Profile
Risk Management
Capability
HIGH RISK
SUPERIOR
Negative Rating Factor
MODERATE RISK
Potentially Higher
Capital Requirements
STRONG
LOW RISK
GOOD
MINIMAL RISK
WEAK
Source: A.M. Best
A company’s risk management capability needs to meet its risk profile
GUY CARPENTER
9
A.M. Best’s Risk Profile Characteristics
• Line of Business
• Investments
• Correlations (among lines or across risks)
• Liquidity
• Policy Limits
• Financial Flexibility
• Product / Coverage Changes
• Volatility in Earnings and Capital
• Competitive Environment
• Concentrations
• Legislative / Regulatory Environment
• Data Quality
• Judicial Environment
• Ceded Leverage / Potential Disputes
• Economic Environment
• Impact of Reinsurance Program
• Growth
• Management Philosophy
*Highly influential mutual company risk profile characteristics
GUY CARPENTER
10
Risk Management Capability
Traditional Risk Management
Enterprise Risk Management
•
Market Risk
•
Risk Culture
•
Credit Risk
•
Risk Identification and Controls:
•
Underwriting Risks:
Risk Dashboards
Pricing
Scenario Testing
Reserves
•
•
Risk Measurement:
Event (e.g. cat)
Correlations
Non-Financial Risks:
Capital Modeling
Strategic (e.g. Business Plan)
Risk-Based Decisions
Operational
•
Off-Balance Sheet
Risk Appetite:
Well-Quantified Risk Tolerances
Overall Risk Management Capability
GUY CARPENTER
11
Effectively Communicating ERM to A.M. Best
GUY CARPENTER
July 17, 2015
12
Communicating ERM
What information is communicated to the Rating Committee?
Quality of ERM Process at company
• Relevance to company profile and rating level
Organization’s top 5 largest threats
Clearly identified risk tolerances
• How are top risks quantified and/or validated?
• How often are material risks measured?
• Procedures if risk tolerances are exceeded
Liquidity and access to additional capital
Risk Impact Worksheets (Profile vs. ERM Capability)
GUY CARPENTER
July 17, 2015
13
Keys to Effective ERM Communication
1 Demonstrate progress in developing your ERM framework
— Highlight accomplishments and discuss future plans
2 Link individual risk discussions in the annual meeting to overall ERM framework
where appropriate to demonstrate the “use” test
3 “Own” your view of capital (risk adjusted and stressed) and use tools appropriate for
your risk profile / business model
Key ERM items to communicate:
– Governance structure highlighting ERM activities and
responsibilities
– Processes and procedures to identify and quantify “Key”
risks
– Risk tolerances for key risks vs current levels
GUY CARPENTER
July 17, 2015
14
A.M. Best’s Current Views on ERM
GUY CARPENTER
July 17, 2015
15
Risk Management Profile - Assessment
Across the rating spectrum, the top identified risks include:
• Concentrations/Correlations
• Competitive Environment
• Economic/Regulatory Environment
• Business Lines/Volatility of Results
Source: A.M. Best
GUY CARPENTER
16
ERM Observations
Areas of improvement over past year:
• Identifying key risks and correlations
• Less theoretical and applying more to actual business decisions
• Signs of great Board involvement/communication and per company management
a better understanding by BOD
• More focus and understanding on emerging risks
Areas where significant progress needs to be made:
• Defining risk tolerance/appetite - a bit broad for many companies
• Providing more evidence of how ERM process has benefited results - while have
improved as noted in 2nd point above - think they could demonstrate this even
more
Source: A.M. Best
GUY CARPENTER
17
Economic Capital Models
• There is a continuing focus on economic capital models. Many large
companies and most reinsurers have them and they are relatively advanced.
– On the plus side there continues to be a focus on making them better and
more transparent throughout the organization, rather then using just as a
senior management tool allocating capital to business segments.
– On the down side we see some companies (even ones that adopted
relatively “robust/advanced” ERM process previously) just going through
the motions of risk management and treating it like a “compliance”
requirement.
Source: A.M. Best
GUY CARPENTER
18