Transcript Enterprise Risk Management For Insurers and Financial Institutions David Ingram CERA, FRM, PRM From the International Actuarial Association.

Enterprise
Risk Management
For Insurers and Financial
Institutions
David Ingram
CERA, FRM, PRM
From the International Actuarial Association
1
Course Outline
1. INTRODUCTION - Why ERM?
2. RISK MANAGEMENT FUNDAMENTALS – FIRST STAGE
OF CREATING AN ERM PROGRAM
3. RISK ASSESSMENT AND RISK TREATMENT - ACTUARIAL
ROLES
4. ADVANCED ERM TOPICS
2
Advanced ERM Topics
4.1 Governance And An Enterprise Risk Management Framework
4.2 ‘Upside’ Risk Management
4.4 Performance Management And Reward Systems
4.4 Role Of Internal Audit
4.5 Dealing With New Activities
4.6 Risk Tolerance, Appetite & Limits
4.6 Emerging Risks
4.7 Scenario Planning
4.8 Risk and Loss Diagnosis
4.9 Reporting and Monitoring
34.10
Risk Disclosure
4.1 Governance And An ERM Framework
•
Board Committees & ERM
•
Risk Tolerance & Board
•
Communicating ERM with Board
4
Board Committees & ERM
•
5
Existing Committees
–
Executive Committee
–
Investment Committee
–
Audit Committee
Risk Tolerance & Board
6
Turning Tolerances into Limits
Question #1
Is Top Management & Board able to
articulate their Risk Tolerance?
Often the answer is no.
7
Determining Risk Tolerance
• Survey & Discussion
• Analysis of Past choices & Risk Levels
• Review of Current Choices
• External Views of Risk & Return
8
Survey & Discussion
• Brokerage Forms & Mutual Fund
Companies Questionnaires for Individuals:
–
–
–
–
–
–
9
Income & Net Worth
Knowledge of Investments
Experience with Investments
Investment Objectives
Risk - Return Expectations
Cash Flow Needs – Investment Horizon
Bank or Insurance Company
Information needed is the same:
• Income & Net Worth
• Knowledge of Risks
• Experience with Risks
• Financial Objectives
• Risk - Return Expectations
• Capital Needs – Financial Horizon
10
Income & Net Worth
• Level of Income
• Volatility of Income
• Level of Surplus
– Management attitudes about above
– Preferences for losses to bypass income? Or dislike all
losses equally?
– Has income grown steadily? If not, is unsteady path
seen as normal or highly undesirable?
11
Knowledge of Risks
• Can Board readily articulate the
top risks of the company?
• Does Board have a feel for
which risks are most significant
to:
– Company Earnings?
– Company Solvency?
12
Difference between
Knowledge & Experience
• Knowledge – Intellectual
• Experience – Emotional
• Knowledge – Read the Book
• Experience – Didn’t need to read the Book
• Knowledge – Heard the News reports of Tsunami
• Experience – Was here for the storm
13
Difference between
Knowledge & Experience
In 1999, it was often said in the US that
majority of investment management
had no experience with market
downturn
Now they all do.
14
Does the Board have
Knowledge or Experience
•
•
•
•
•
•
15
Credit Risk
Interest Rate Risk
Equity Risk
Fx Risk
Insurance Risk
Operational Risk
Experience with Risks
• What were the experiences of the company is
previous periods of industry difficulty?
– What were the personal experiences of top
managers in those periods?
• Which risks are management more likely to
want to avoid because of past experiences?
16
Example
• In 1987, a US company had equity exposure
of 50% of surplus beginning of 1987
• By end of 3rd Quarter, surplus had grown 15%
• In 4th Quarter, Group Health Division reported
unexpected losses of 12% of Surplus
– Equity market fell 23%
– Surplus dropped 25%
– Local newspaper reported 96% drop in Company
earnings
17
Experience with Risks
• What kinds of losses has the
company experienced?
– Macro Market problems
– Industry-wide problems
– Unique Company Problems
18
Financial Objectives
• Earnings, ROE, Increase in
Embedded Value
• Ratings Level, surplus ratio
• Sales Level, Assets under
management, sales growth
• Risk Management
19
Risk Return Expectations
What are return expectations?
• Do they currently vary by product Line?
– What are seen as the drivers of the variances?
– Business Size & Age
– Competitors Return or Prices
– Business Risk
• Do return expectations vary with market
conditions?
– Or do they encourage additional risk taking under
unfavorable conditions?
20
Capital Needs & Financial Horizon
• Growth Rates & Capital Needs of
New Sales
• Profitability of businesses
• Current Capital Level
• Planning Horizon
– 1 year, 3 year, 5 year
21
Analysis of Past Choices & Risk Levels
• Look at historical risk levels relative to today
– Must be careful to choose right metric for
comparison
– Should try to choose time of most recent
decision on risk limit
• Assume that management is comfortable
with past risk limits
22
Example – Retention Limit




23
Retention limit was set at $1 M 10 years ago
Reduced probability of one year fluctuation
> $10 M from 5% to 1%
$10 M was 50% of pre-tax income
Now a retention limit of $3 M would produce
a 1% probability of fluctuation of 50% of
current pre-tax income
Review of Current Choices
• Show the risk characteristics of the
current proposal
• For several alternate structures
– Variability of Returns
– Results of Stress test
24
Review of Current Choices
New Premier III
Mean Return
25
Likely Range
Stress Test
Return
Version A
15.0%
12.0% to
18.0%
2%
Version B
17.0%
11.5% to
22.5%
-1%
Version C
18.0%
8.0% to
28.0%
-10%
Communicating ERM with Board
1.
2.
3.
4.
5.
6.
7.
8.
9.
Quantity & Quality of Risks Plan
Regular updates
Changes to Environment
Changes to Plan
Losses
Management Responsibilities & Reports
Unpredictable Events
Strategic Initiatives & Risk Management
Strategies & Risk Management
Risk Management & The Board
1. An advance agreement with management regarding:
the quantity and quality of risks that the firm is expected to take in
the coming year and
how much variability management expects there to be in what
actually happens.
This will naturally lead to a discussion of how far away from plan things can get
before another discussion between management and the board is in order.
Risk Management & the Board
2. Regular updates in the quantity and quality of risks
that are actually being taken by the firm
as well as the quantity and quality of risks retained.
One of the major issues that banks have faced in the current crisis is that some
of their risk offset programs were not as effective as management had
expected and very large gross risk positions that were thought to be
transferred or offset did become the responsibility of the bank when the
losses started to occur.
Board reporting had focused only on net retained risks which put the board
outside the discussions of how much gross risk was acceptable.
Risk Management & The Board
3. Information about the changes in the
environment that might indicate that certain risks
might be increasing.
This information would be in the form of trending
of key risk indicators
Risk Management & The Board
4. Information about the continuous changes that
management is making to the plans in response to the
changing environment
as they relate to the quantity and quality of risk.
Too often management appropriately changes course and defers mentioning
that to the board. The lack of mention of “course corrections” should be seen
as a sign of potential trouble by the board.
Management and the board should agree how far things can drift from plan
before management is expected to both do something different and mention
that to the board.
Risk Management & The Board
5. An advance discussion of losses.
Management and the board must recognize that the word “risk” is
short for “risk of loss”.
It is uncommon to have these advance discussions.
When firms experiences losses, there is often a period of uncertainty during which no one
knows whether this loss exceeds the tolerance of the board and how the board might
react.
While it does not make sense to expect there to be an exact list of expected reactions,
there is much to be gained by having this discussion before a real loss occurs.
Risk Management & The Board
6. Appointing members of top management to be individually
assigned personal responsibility
for each of the major risks and
risk/loss aversion practices of the firm
a risk management best practice that is internationally recognized.
A regular update by the top management individuals that have been given these
responsibilities, confirming that they have sufficient resources, both in
quantity and quality, to achieve the objectives for loss limitation and reporting
on the status of projects to improve capabilities.
Risk Management & The Board
7. A periodic discussion of the unusual and
adverse events that might unpredictably impact
on the firm and the ways in which management
expects to prepare for such events.
Risk Management & The Board
8. When a major corporate strategic initiative comes to the board
for notice or approval, discussion of the ways that this action
changes the risk of the firm.
The board should know whether a headline action further concentrates the risks
of a firm or whether is broadens the risk exposures.
If there are additional concentrations of risks, then it would be important to hear
more about the additional diligence to the existing loss aversion actions.
If it is a diversifying risk, then the board should be hearing about the new
risk/loss aversion actions that are contemplated.
Too often, management diversifies into a new risk and thinks that loss aversion is unnecessary
because of diversification. The term for that type of risk management decision is
de_WORSE_ification. For new risks, risk/loss aversion plans are particularly needed because of
management’s lower experience wit the new risk.
Risk Management & The Board
9. When management discusses the major
strategies of the firm with the board
discussions should include recognition of the
implications of the strategic plans on the firm's
risks and the risk/loss aversion plans.
The board should be sure that the plans for growth of the firm
reach for faster growth of expected profits than the rate of
growth of risks.
4.2 ‘Upside’ Risk Management
36
Strategic Risk
Management
View of risk across all risks to make decisions
about optimizing risk adjusted returns.
capability to assess trade-offs between different
risk types
assessment of risk adjusted returns.
capital budgeting
strategic investment allocation.
37
Strategic Risk Management
For Life Inurers
Strategic trade-offs between products with:
Credit Risk
Interest Rate Risk
Equity Risk
Insurance Risks
Based on long term view of risk adjusted returns of products
Choosing which to write, how much to retain and which to offset
Strategic trade-offs in Investment Selection
based on risks embedded in products
plus long term view of risk adjusted returns of investment choices
38
Strategic Risk Management
For Non-Life (P&C) Insurers
Strategic Trade-offs between insurance coverages AND
investments
based on long term view of risk adjusted return
Recognizing significance of investment risk to total risk profile
Selecting which risks to write and which to retain over the long term
Some Insurers have 40% or more of their total capital tied
to Investment risks
An Insurer with Strategic Risk Management will be able to say why
they chose to take that much Investment risk
Including discussing relative risk reward of Insurance choices and Investments
Average risk reward vs. marginal risk reward
With consideration of diversification impact of Insurance vs. Investments
39
Tactical Risk Selection
Reacting to short term market conditions to choose which risks to
take and which to retain in the short term
May use Risk Reward analysis or just combined ratio targets
Cycle Management
Insurance Cycles
Credit Cycles
Interest Rate Cycles
Equity Market Cycles
Choices to vary from long term strategic choices
Usually within a range
Range of variation authority
40
Strategic Risk Mgt
Companies with Superior Risk Management (Controls) will have
low volatility of earnings and low incidence of losses.
Companies with Superior ERM will have low volatility of earnings,
low incidence of losses AND Steadily improving
Returns.
Strategic Risk Management is the UPSIDE of Risk
Management
41
42
4.4 Performance Management And Reward Systems
43
4.4 Role Of Internal Audit
44
4.5 Dealing With New Activities
New Products
Acquisitions
Other New Activities
45
New Product Risk Review
Multiple Layers of Sign-offs
 Plan for Product
Go Ahead for Design
 Design of Product
Go Ahead for implementation
 Implementation of Product
And implementation of Measures, limits & controls
46
New Product Risk Management Review Questions
1.
47
What types of risk is the company assuming with this product?
a.
Market, Credit, Insurance, Operational Risks
b.
Short Term, Long Term
c.
Ruin, Volatility
d.
Specific, Systematic
e.
Accounting, Market Value, Liquidity
f.
Aggregation or Diversifying
:
New Product Risk Review
2. How will these risks be measured and monitored?
a. By whom and using what techniques and processes?
b. Where/how will the risk exposures be reported?
c. What will the risk reports look like?
48
New Product Risk Review
3 What are the risk mitigants and plans for managing those risks?
a. Product design, compensation design, control processes,
reinsurance, hedging
b.
49
Who will be responsible for the risk management?
New Product Risk Review
4 What are the daily, weekly or monthly risk limits?
a
How are those limits determined and policed?
b
What happens when a limit is exceeded?
50
New Product Risk Review
1
Who in Senior Executive Team is personally responsible for this
product??
6
What is the procedure for determining the Economic Capital/Risk
Surplus required for this product?
a
Has this been demonstrated to be consistent with the Economic
Capital/Risk Surplus for other company products?
51
New Product Risk Review
1
What is the Risk Return profile of this product and how consistent is
it with the Risk return profile of the other products?
2
How does the product pricing reflect the risks of the product?
a
What adjustments have been made to the pricing to achieve risk
adjusted returns that are appropriate as compared to the other
company products?
52
1 What training is needed for the staff that will be doing the risk measurement
and the risk management processes?
a.
What training is needed for Senior Management to get a full understanding
level on these risks?
2 Will the company’s internal and external financial reporting processes capture
the appropriate risk adjusted returns for this product consistently with existing
products?
a
Are there risks for this product that have significantly different
characteristics that special consideration is needed?
b
Are there any pending studies of financial reporting for this product that
might change the accounting significantly when the studies are completed?
53
Acquisition Risk
Risk Profile
Risk Management Processes
Implementation Risk
54
Other New Ventures
55
4.6 Risk Tolerance, Appetite & Limits
Covered Twice already
Any Questions?
56
4.6 Emerging Risks
57
Emerging Risks Management
Primary Components:
•
Environmental Scanning
–
To provide advance signals of potential Crisis developments
•
Process for Anticipating Emerging Risks
–
Development of Emerging Risk Scenarios
•
Process for Envisioning Significance of Emerging Risks
–
Stress Testing & Liquidity Risk Analysis
•
Process for Preparing Response to Emerging Risk Solutions
– Contingency Planning
•
Execution of Insurer in Emerging Risk Solutions
– Changes to company business and risk management practices
•
Insurer learning process from Emerging Risk Situation
Objective: To anticipate the next big risk
58
Emerging Risks Management
1. Pocess for Anticipating Emerging Risks
Development of Emerging Risk Scenarios
Terrorism, Natural Disasters, Pandemic, Man-made Disasters, IT Failures, Power
Failures, Stock Market Crash, Banking Crisis, Interest Rate Spike, Systemic liquidity
Crisis, hyperinflation, negative interest rates, significant negative economic growth,
Stagflation, Price deflation, currency exchange rate crash
To the extent these are not considered under operational risk management.
To the extent that the risk are not core (catastrophe risk coverage)
1. Process for Envisioning Significance of Emerging
Risks
Stress Testing
Liquidity Risk Analysis
59
Emerging Risks Management
1. Process for Preparing Response to Emerging Risk
Situations
Liquidity Crisis planning
Reputation Risk planning
Crisis Response Rehearsal
Contingency Planning
5. Execution of Company in Emerging Risk Situation
1. Company learning process from Emerging Risk
Situation
2. Environmental Scanning
to provide advance signals of potential Crisis developments
60
61
4.7 Scenario Planning
62
63
4.8 Risk and Loss Diagnosis
64
65
4.9 Reporting and Monitoring
66
Risk Management Constituencies
Management
Board of Directors
Shareholders
Securities Analysts
Investment Firms
Regulators
Rating Agencies
Distributors
67
External Auditors
Creditors
Reinsurers
Business Partners
Parent Company
Customers
Employees
Internal Risk Position Reports
Asset
Duration, Convexity, Greeks, Liquidity, VaR, Performance Attribution,
OAS
Liability
A/E analysis, Embedded Value analysis
ALM
Scenario Testing, Mismatch Risk, Transfer Pricing
Operational Risks
68
4.10 Risk Disclosure
69
Disclosures
Risk Management Discussion & Disclosures in
Annual Report
Aegon (ND)– 6 pages
AIG (US) - 12 pages
Swiss Re (SW) – 5 pages
Manulife (CA) – 10 pages
Nedcor (SA) – 30 pages (Bank)
70
Aegon Disclosures
Sensitivity Analysis
Fx
Equity Return Assumptions
Equity & RE returns
Interest Rates
Exposure & Limits
Credit Name limits
Derivative Exposure
Other
Bonds by Sector
71
AIG Disclosures
VaR
Market Risk VaR by Major Business Segment for
Interest, Fx, Equity and Combined – High, Low and
average for year
Fair Value sources
Counterparty Credit Summary by quality & by
industry
Note: AIG operations include trading & market making in Fx, Commodities &
Metals. Much of disclosures relate to that activity.
72
Manulife Disclosures
Discussion of
RM Structure
Policies & Process
Risk Measurement
Risk Limits
Sensitivity Tests
Interest Rate
Equity Market Value
Fx
Liquidity Stress
Exposures
Seg Fund Guarantees
Credit
73
74