CH24 - Risk governance

Question 1

Risk management

Answer 1

Risk management can be described as the process of ensuring that the risks to which an organisation is exposed are the risks to which it thinks it is exposed and to which it is prepared to be exposed. The key aim of risk management is to protect an organisation against adverse experience that could result in it being unable to meet its liabilities.

Question 2

Key steps for the management of risks (6)

Answer 2

1. Risk identification
2. Risk classification
3. Risk measurement
4. Risk control
5. Risk financing
6. Risk monitoring

Question 3

Risk identification

Answer 3

Risk identification is the recognition of the risks that can threaten the income and assets of an organisation. This is the hardest aspect of risk management.

Another part of the risk identification process is to determine to what extent the organisation is prepared to be exposed to each risk. This is called risk appetite or risk tolerance level.

Question 4

Why risk identification is the hardest aspect of risk management

Answer 4

1. The risks to which an organisation is exposed are numerous
2. Risk identification needs to be comprehensive

It is not surprising that the biggest risks to an organisation are those that are not identified, particularly when they relate to events that have not occurred before.

Question 5

Risk classification

Answer 5

Classifying risks into groups aids the calculation of the cost of risk and the value of diversification.

It also enables the risk ‘owner’ to be allocated from the management team. The risk owner would normally be responsible for the control processes for the risk.

Question 6

Risk measurement

Answer 6

Risk measurement is the estimation of the probability of a risk event occuring and its likely severity.

This would normally be carried out before and after application of any risk controls, and the cost of the risk controls would be included in the assessment.

Question 7

Treatments of risk under risk measurement (4)

Answer 7

Risk measurement gives the basis for evaluating and selecting methods of risk control and whether the risk should be:

1. declined
2. transferred
3. mitigated
4. retained with or without controls

Question 8

Risk control

Answer 8

Risk control is about determining and implementing methods of risk mitigation.

Risk control involves deciding whether to reject, fully accept or partially accept each identified risk. This stage also involves identifying diffenent possible mitigation options for each risk that requires mitigation.

Question 9

Risk control measures (4)

Answer 9

Risk control measures are systems that aim to mitigate tne risks or the consequences of risk events by:
1. Reducing the probability of a risk occuring
An example would be control and checking procedures to prevent payments being made by a company n fraudulent claims.
Another example would be introducing good safety procedures within a company to reduce the risk of fire starting.
2. Limiting the financial consequences of a risk
The financial consequences comprise the losses if the risk event occurs, together with the costs of mitigation techniques used, such as insurance premiums.
For example, a company could ensure that it has adequate insurance in place to meet the costs of a fire that does occur.
3. Limiting the severity of the effects of a risk that does occur
In particular, reducing significantly the probability of catastrophic loss. Insurance would be a common way of achieving this.
Another example would be having sprinkler systems and adequate fire extinguishers, so that a fire that does occur can quickly be put out, thus avoiding full loss.
4. Reducing the consequences of a risk that does occur.
For example by insuring the survival of the organisation and its continued ability to trade. This might be by having a business continuity plan that can speedily be put into place.

Question 10

Determination of risk appetite

Answer 10

The organisation’s risk appetite is another key feature in the decision on the approach to take control individual risks. Risk appetite is likely to have both quantitative and qualitative components.
The qualitative aspect of risk appetite includes risk preferences of the organisation.

Question 11

Risk financing

Answer 11

Risk financing involves:

1. Determining the likely cost of each risk (including the cost of any mitigations and the expected losses and cost of capital arising from retained risk)
2. Ensuring the organisation has sufficient financial resources available to continue its objectives after a loss event occurs.

Question 12

Risk monitoring

Answer 12

Having decided that all or part of a risk should be retained, with or without controls, the risks should be monitored.

Risk monitoring is the regular review and re-assessment of all risks previously identified, coupled with an overall business overview to identify new or previously omitted risks. It is important to establish a clear management responsibility for each risk in order that monitoring and control procedures can be effective.

Question 13

Objectives of risk monitoring (4)

Answer 13

Risk monitoring is the process of ensuring that risks continue to be managed. The objectives of risk monitoring might be to:

1. Determine if the exposure to risk and/or the risk appetite of the organisation has changed over time.
2. Identify new risks or changes in the nature of existing risks
3. Report on risks that have actually occurred and how they were managed
4. Assess whether the existing risk management process is effective

Question 14

Benefits of risk management process (7)

Answer 14

Through the effective risk management process a provider of financial benefits will be able to:

1. avoid surprises
2. improve the stability and quality of their business
3. improve their growth and returns by exploiting risk opportunities
4. improve their growth amd returns through better management and allocation of capital
5. identify opportunities arising from natural synergies
6. identify opportunities arising from risk arbitrage
7. give stakeholders in their business confidence that the business is well managed.

Question 15

Examples of natural synergies in life insurance and general insurance

Answer 15

An insurer’s portfolio may contain various risks that naturally offset (or hedge) each other, at least to some extent.
For example:
- A life insurance company may sell some products (eg term assurance) that expose it to mortality risk and others (eg annuities) that expose it to longevity risk
- A general insurer may find that good weather increases claims on its domestic property policies as there are more subsiquent claims, but reduces claims on its motor policies as there are fewer accidents.

Question 16

Requirements for the risk management process (5)

Answer 16

Ideally, in the management of risk, providers need to look to find the optimal set of strategies that balance the needs for return, growth and consistency. The risk management process should:

1. incorporate all risks, both financial and non-financial
2. evaluate all relevant strategies for managing risk, both financial and non-financial
3. consider all relevant constraints, including political, social, regulatory and competitive
4. exploit the hedges and portfolio effects among the risks
5. exploit the financial and operational efficiencies within the strategies

Question 17

Risk vs uncertainty

Answer 17

Uncertainty means that an outcome is unpredictable
Risk is a consequence of an action that is taken which involves some element of uncertainty. However, there may be some certainty about some of the components of the risk.

Question 18

Examples of components of risk relating to financial product benefit (or claim) payments that are certain rather than uncertain (4)

Answer 18

1. that a claim will happen, although the timing of it is uncertain e.g. whole life assurance
2. the amount of benefit payable, although the timing is uncertain e.g. without profit term assurance
3. the timing of a benefit payment, although the amount is uncertain e.g. maturity benefit on a with-profit endowment assurance
4. the range of possible outcomes e.g. claim payments on a general insurance product if limited to a maximum amount

Question 19

Systematic risk

Answer 19

Systematic risk is risk that affects an entire financial market or system, and not just specific participants. It is not possible to avoid through diversification.

The term systematic risk is sometimes used interchangeably with systemic risk. Systemic risk is a specific technical term used in finance. Systematic risk has an additional more general meaning that is ‘of or pertaining to a system’.

Question 20

Diversifiable risk

Answer 20

Diversifiable risk arises from an individual component of a financial market or system.

Question 21

Risks that are both systematic and diversifiable

Answer 21

Whether a risk is systematic or diversifiable depends on the context.

For example, an investment fund that is constrained to invest in domestic equities, because of the prospectus and other information issued to clients, will see the domestic equity market as a systematic risk.

A worlwide equity fund that can invest in domestic and overseas equities will see exposure to the domestic equity market as a diversifiable risk. Such a fund can hold investments from a wide range of international markets and thus limit the exposure to any particular national market.