ERM Concept Flashcards
What is strategic risk?
The risk that business strategies (mergers, acquisitions, growth strategies, product innovations) are flawed or ineffectively executed
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is business risk?
Can be considered a type of operational risk. The risk that annual financial and operating results may not meet management and stakeholder expectations
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is market risk?
The risk that prices and rates will move in a way that has negative consequences for a company.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is credit risk?
The risk that a customer, counterparty, or supplier will fail to meet its obligations (financial or service). This includes default risk AND downgrade risk.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is liquidity risk?
the risk that a company cannot raise cash to meet its requirements in a timely and cost-effective manner (without incurring a loss)
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is operational risk?
The risk that people, processes, or systems will fail, or that an external event (e.g., earthquake, fire) will negatively impact the company.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is compliance risk?
the risk that the company may violate laws and regulations
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What is reputation risk?
the risk that a company’s brand and reputation may be negatively impacted
ERM concept, framework, and process
Lam - ERM Textbook - pg. 31
What are the pros and cons of making risk management a part of every employee’s job responsibility?
Pro: employees know the risks of their work activities best
Pro: risk is managed throughout the company
Con: substantial training and education is required
ERM concept, framework, and process
Lam - ERM Textbook - pg. 32
What are the risk concepts?
1) Exposure
2) Volatility
3) Probability
4) Severity
5) Time Horizon
6) Correlation
7) Capital
ERM concept, framework, and process
Lam - ERM Textbook - pg. 32
What is risk exposure?
The maximum amount of damange that will be suffered if some event occurs.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 33
How is risk exposure measured?
Exposure measurement is quantitative for credit and market risk, but may be qualitative for others like operational and compliance risk.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 33
What is risk volatility?
The variability of potential outcomes
ERM concept, framework, and process
Lam - ERM Textbook - pg. 33
How is risk volatility measured?
Volatility risk is quantitative for some risks. For example, for market risk, it is the standard deviation of returns. Other risks need to be considered too like an increase in the turnover rate of programmers could negatively affect a company’s technology initiatives.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 33
What is risk probability?
The likelihood that some event will occur
ERM concept, framework, and process
Lam - ERM Textbook - pg. 33
What is risk severity?
How impactful the event is likely to be.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 34
What is a risk’s time horizon?
How long the company is exposed to the risk.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 34
Explain the focus of risk time horizon for financial vs operational risks.
For financial risks, the key issue is the liquidity of the position affected by the risk event.
For operational risks, time horizon can be thought of as the time required to recover from the risk event (like a fire).
ERM concept, framework, and process
Lam - ERM Textbook - pg. 34
What is risk correlation?
The relationships between risks
ERM concept, framework, and process
Lam - ERM Textbook - pg. 35
How is correlation risk managed in financial and operational risks?
Financial: diversification can be achieved through risk limits and portfolio allocation targets to reduce risk concentrations.
Operational: diversification can be achieved through separation of operational units.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 35
What is economic capital?
1) Another name is risk-adjusted capital.
2) It’s capital that a company holds to meet cash requirements (like costs of investments and expenses) and to cover unexpexted losses arising from risk exposures.
3) The value-at-risk assessed on the market value of assets over liabilities.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 35
What is a credit rating?
An estimate of how likely a company is to fail
ERM concept, framework, and process
Lam - ERM Textbook - pg. 35
How does a company decide how much capital to hold?
The company decides how high it wants its credit rating to be. More capital = higher rating.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 35
Why do companies have to allocate capital to its business units?
1) It explicitly links risk and return
2) It allows the profitability of all business units to be compared on a consistent risk-adjusted basis
ERM concept, framework, and process
Lam - ERM Textbook - pg. 36
What is an internal capital market?
An internal capital market is a market created within one company when economic capital is allocated to business units. Business units that produce the best risk-adjusted returns will thrive while other phase out.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 36
What are the 3 steps in the risk management process?
1) Promote risk awareness
2) Measure risk
3) Control risk
ERM concept, framework, and process
Lam - ERM Textbook - pg. 36
What are 4 ways to deal with a risk?
1) Do nothing (accept it)
2) Limit the risk (mitigate it)
3) Reduce the risk (avoid it)
4) Transfer the risk (share it)
ERM concept, framework, and process
Lam - ERM Textbook - pg. 37
What is the goal for promoting risk awareness?
To ensure everyone within a business is:
1) Proactively identifying the key risks for the company
2) Seriously thinking about the consequences of the risks for which they are responsible
3) Communicating up and down the organization those risks that warrant others’ attention
ERM concept, framework, and process
Lam - ERM Textbook - pg. 38
What are the top 5 ways to promote risk awareness in a company?
1) Set the tone from the top
2) Ask the right questions
3) Establish a risk taxonomy
4) Provide training and education
5) Link compensation to risk
ERM concept, framework, and process
Lam - ERM Textbook - pg. 38
Why is it important for a company to set the tone for risk awareness from the top? (Senior management and especially the CEO?)
Some aspects of risk management are not instinctual. For example, people are eager to talk about their company’s successes, not actual or potential losses. It is crucial that senior management shows their commitment to risk management through words AND actions!
ERM concept, framework, and process
Lam - ERM Textbook - pg. 38
How can senior management ask the right questions when it comes to risk management?
Use the RISK acronym.
Return: What are the expected returns on the risks?
Immunization: What risk limits are in place?
Systems: Do we have appropriate systems to track and measure risk?
Knowledge: Do we have the right people and skills for effective risk management?
ERM concept, framework, and process
Lam - ERM Textbook - pg. 39
Why is it important for a company to establish a risk taxonomy?
Risk communications can be misunderstood easily without a risk taxonomy: a common structure for describing the categories and sub-categories of risks, as well as the tools, metrics, and strategies for risk management.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 39
Why is it important for a company to provide training and development for risk management?
Employees need the skills and tools to manage the risks for which they are responsible.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 40
Why is it important for a company to link risk and compensation?
People pay more attention to what their own responsibilities and how their financial incentives are tied to their performance. Risk management should be tied to compensation for employees at all levels. Otherwise, employees will stop paying attention.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 40
What items should be included in every risk report?
1) Losses
2) Incidents
3) Risk assessments
4) Key risk indicators
ERM concept, framework, and process
Lam - ERM Textbook - pg. 41
What should be included in the Losses section of a risk report?
Only overall levels of loss and important trends should be reported to senior management.
Ex: losses above thresholds, actual vs expected
ERM concept, framework, and process
Lam - ERM Textbook - pg. 41
What should be included in the Incidents section of a risk report?
List the major risk incidents for the period whether they were financial losses or not. Include the potential impact, root causes, and business response. Highlight any patterns.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 41
What should be included in the Risk Assessments section of a risk report?
Advance assessment of potential risks. Ex: absence of key staff, product launches, new technologies, etc.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 41
What should be included in the Key Indicators section of a risk report?
Quantifications of important trends and risk exposures for the company that can serve as early warning signals.
Financial risk ex: VaR, P&L, credit exposure vs limit
Operational risk ex: errors, customer complaints
ERM concept, framework, and process
Lam - ERM Textbook - pg. 42
How does the self-correcting feature of the risk report work?
Losses and incidents are captured easily. Management may notice that losses and incidents are coming from risks that are not discussed in risk assessments or key indicators. Action can be taken to improve the risk report going forward.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 42
What are the 3 ways to control risk that has not yet been taken on?
1) support business growth through capital allocation (to areas with best risk-adjusted return)
2) support profitability through risk-adjusted pricing
3) control downside risks by setting limits
ERM concept, framework, and process
Lam - ERM Textbook - pg. 44
What’s wrong with the NPV and EVA techniques for evaluating new investments and business performance?
These tools are usually based on book capital, which typically doesn’t fully capture expected loss, much less unexpected loss, and thus does not correspond to economic capital. Therefore, these methods tend to overstate the profitability of risky business and understate the profitability of low-risk business.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 45
How can a company determine its risk appetite?
It depends on the human, financial, and technology resources available. Risk appetite can be expressed in terms of the amount and likelihood of actual and potential loss.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 46
What limits should a company set to control downside risks?
1) Use stop-loss limits to control the actual amount of loss it takes.
2) Use sensitivity limits to control the potential losses it may take.
3) Use exposure limits
In all cases, when limits are reached, management actions and decisions should be triggered.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 47
What does TQM mean?
Total quality management
ERM concept, framework, and process
Lam - ERM Textbook - pg. 47
What are the 3 ways to control risk that have already been taken on?
1) Understand the risks through risk analysis
2) Understand which risks offset and exacerbate each other
3) Transfer risk when time, resources, or flexibility are scarce
ERM concept, framework, and process
Lam - ERM Textbook - pg. 47
What is duration matching?
A common risk management technique under which a financial institution matches the interest rate sensitivities of its assets and liabilities to make sure that their prices change in the same way when interest rates change. (The prices offset)
ERM concept, framework, and process
Lam - ERM Textbook - pg. 47
Why can risk be thought of as a bell curve?
The mean of the bell curve represents the expected performance. The objective of risk management is to optimize the shape of the bell curve (improve the expected performance and narrow the distribution of potential outcomes).
ERM concept, framework, and process
Lam - ERM Textbook - pg. 48
What risk variables can increase/decrease strategic risk?
1) Macroeconomic conditions
2) Competitive actions
3) The company’s effectiveness in formulating and executing its strategic plan
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What does EPS mean?
Earnings per share
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What risk variables can increase/decrease business risk?
These risks could drive earnings volatility.
1) market share
2) new customers
3) pricing margings
4) cost management
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What risk variables can increase/decrease financial risk?
Using interest rate risk as an example:
1) asset/liability duration mismatches
2) interest rate levels
3) pricing spreads
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What risk variables can increase/decrease operational risk?
Using IT as an example:
1) single points of failure (SPOFs) that could bring down critical systems
2) cyber security exposures
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What does IT mean?
Information technology
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What risk variables can increase/decrease regulatory risk?
1) new regulations that the company is not prepared for
2) new employees who are not trained in the company’s compliance procedures
ERM concept, framework, and process
Lam - ERM Textbook - pg. 49
What are 5 questions that senior management should be able to answer regarding risk management?
1) What are the company’s top 10 risks?
2) Are any of our business objectives at risk?
3) Do we have key risk indicators that track our critical risk exposures against risk tolerance levels?
4) What were the company’s losses and incidents, and did we identify these risks in previous reports?
5) Are we in compliance?
ERM concept, framework, and process
Lam - ERM Textbook - pg. 52
What is the definition of ERM?
Risk is a variable that can cause deviation from an expected outcome. ERM is a comprehensive and integrated framework for managing key risks in order to achieve business objectives, minimize unexpected earnings volatility, and maximize firm value.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 53
ERM is all about integration in what 3 ways?
The following items are requred:
1) A centralized risk management unit (like a CRO) to oversee all aspects of risk in the organization.
2) Integration of risk transfer strategies. Transfer only residual undesirable risk, after accounting for offsetting risks.
3) Integration of risk management throughout business processes like risk-adjusted pricing and capital allocation.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 54
What are the 3 major benefits of ERM?
1) increased organizational effectiveness
2) better risk reporting
3) improved business performance (reduced losses, lower earnings volatility, increased earnings, and improved shareholder value)
ERM concept, framework, and process
Lam - ERM Textbook - pg. 54
What does RAROC mean? How is it calculated?
1) Risk-adjusted return on capital
2) Could calculate by reducing cash flow by cost of capital, increase discount rate for net income in the numerator, or adopt economic capital in the denominator
ERM concept, framework, and process
Lam - ERM Textbook - pg. 57
What is a CRO responsible for?
1) Providing leadership for ERM
2) Integrating risk management frameworks across the organization
3) Setting risk appetite (through risk limits)
4) Implementing risk indicators and risk reports
5) Allocating capital to business activities based on risk
6) Communicating the company’s risk profile to key stakeholders
7) Developing the systems to support the risk management program
ERM concept, framework, and process
Lam - ERM Textbook - pg. 58
Why is it important for risk managment to have an independent voice? How can it be achieved?
In extreme circumstances like CEO/CFO fraud or excessive risk taking, the CRO may fear for their job security. Communication between the CRO and the board or board risk committee should be established in advance to ensure that risk management concerns are heard.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 59
What are the 7 components of ERM?
1) Corporate governance
2) Line management
3) Portfolio management
4) Risk transfer
5) Risk analytics
6) Data and technology resources
7) Stakeholder management
ERM concept, framework, and process
Lam - ERM Textbook - pg. 61
What is the role of corporate governance in ERM?
Establish top-down risk management.
It ensures that the board of directors and management have established the appropriate organizational processes and corporate controls to measure and manage risk across the company
ERM concept, framework, and process
Lam - ERM Textbook - pg. 62
What is the role of line management in ERM?
Business strategy alignment.
The risks of business transactions should be fully assessed and incorporated into pricing and profitability targets in the execution of business strategy.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 63
What is the role of portfolio management in ERM?
Management should act like a fund manager by setting portfolio targets and risk limits to ensure appropriate diversification and optimal portfolio returns. Portfolio management provides a direct link between risk management and shareholder value maximization.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 64
What is the role of risk transfer in ERM?
To reduce undesirable risks, management should evaluate derivatives, insurance, and hybrid products on a consistent basis and select the most cost-effective alternative.
Ex: swap undesirable risk exposure for desirable risk exposure through a derivative contract.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 64
What is the role of risk analytics in ERM?
Develop advanced analytical tools to consistently quantify and manage risk. For example, the results can be used to:
1) decide whether or not to transfer risk by comparing cost of transfer and cost of retention, for example.
2) support strategic planning by analyzing the probabilities and outcomes of different business strategies.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 65
What is the role of stakeholder management in ERM?
Improve risk transparency for key stakeholders such as the board of directors, regulators, and rating agencies.
ERM concept, framework, and process
Lam - ERM Textbook - pg. 66
What does FSR mean?
Financial Strength Rating. A rating that DBRS assigns to insurers. It is based on the following 5 elements: franchise strength, risk profile, earnings ability, liquidity, and capitalization
ERM concept, framework, and process
Global Methodology - pg. 4
What are the 3 phases to calculating FSR?
1) Evaluate the 5 building blocks
2) Combines the building blocks with assessments (ranging from weak to exceptional)
3) Finalize the ratings for the insurer’s various obligations
ERM concept, framework, and process
Global Methodology - pg. 5
How is franchise strength assessed?
1) Market position
2) Distribution channels
3) Diversification of business and/or products
4) Strategic and operational excellence
5) (larger firms also generally have greater franchise strength)
ERM concept, framework, and process
Global Methodology - pg. 6
How is market position assessed? Why does it matter for a FRS rating?
Measuring the market share and competitive rankings of the insurer’s key product lines. This directly affects the firm’s ability to attract and retain customers.
ERM concept, framework, and process
Global Methodology - pg. 6
How are distribution channels assessed? What are some examples?
Measure the strength and diversity of distribution channels. Ex: company reps, career agents, independent agents, insurance or retail brokerages, and direct-to-client formats like the internet
ERM concept, framework, and process
Global Methodology - pg. 6
Why does diversification of business and/or products matter for a FSR?
Diversification of products
1) reduces volatility of earnings
2) provides opportunity to rebalance products and market exposure to manage risk and optimize capital
3) allows the firm to better service clients throughout their changing lifecycle
ERM concept, framework, and process
Global Methodology - pg. 6
How is strategic and operational excellence assessed? Why does it matter for a FSR?
1) Management: Does it support and develop the franchise and company culture? Does it have a good relationship with regulators?
2) Ownership: How much of the firm is privately vs publicly owned? This changes how it operates and how it is governed.
3) Governance: The independence, experience, and diversity of the board of the directors
ERM concept, framework, and process
Global Methodology - pg. 7
How is risk profile assessed?
1) Product risk
2) Credit risk
3) Market risk
4) Operational risk
5) Risk management
ERM concept, framework, and process
Global Methodology - pg. 9
How is product risk assessed?
1) What is the risk level of the firm’s products? Low risk would be ones with short contract durations and price flexibility.
2) What is the reserve development history? If a firm continuously or frequently strengthens reserves, it may indicate that there are continuous estimation errors or unforeseen developments (like a large liability settlement).
ERM concept, framework, and process
Global Methodology - pg. 9
How is credit risk assessed?
1) Consider the insurer’s credit risk policies.
2) Analyze the firm’s fixed-income portfolio, in particular, its distribution across asset classes, rating categories, et.
3) Consider the firm’s track record in managing credit risk
ERM concept, framework, and process
Global Methodology - pg. 9
How is market risk assessed?
Evaluate the firm’s implicit and explicit guarantee exposures (like from interest rate and equity risk). Here are some examples.
1) Interest rate sensitivities arise when duration mismatches occur between the asset and liability portfolios
2) Equity risk and interest rate risk arises when firms provide guarantees to investment accounts (like a min AV, death, withdrawal, or income benefit guarantee)
ERM concept, framework, and process
Global Methodology - pg. 10
How is operational risk assessed?
In general, evaluate the firm’s ability to adapt to changing markets, adapt to changing regulations, and recover from failures
ERM concept, framework, and process
Global Methodology - pg. 10
How is risk management assessed?
Evaluate the following:
1) the corporate culture on risk
2) risk management infrastructure. Ex: pricing & underwriting controls, capital models to assess capital adequacy, stress scenarios tested, the hedging program, ability to manage counterparty risk
ERM concept, framework, and process
Global Methodology - pg. 10
How is earnings ability assessed?
1) Revenue generation and profitability
2) ROE
3) Combined ratio (P&C). A ratio less than 100% indicates an underwriting profit.
4) Income Stability
ERM concept, framework, and process
Global Methodology - pg. 12
Why does earnings ability matter for a FSR?
Earnings are used to fund capital requirements, for future business growth, to provide returns to participating policyholders, and to provide investment returns to investors
ERM concept, framework, and process
Global Methodology - pg. 12
How is revenue generation and profitability assessed?
Depends on the products sold. Profitability of short term liabilities can be calculated as the premiums less reserves, claims, expenses, etc. For longer term liabilities, source of earnings statements can be used or PV calcs of future estimated cashflows.
ERM concept, framework, and process
Global Methodology - pg. 12
How is income stability assessed? Why does it matter for a FSR?
The ALM policies are assessed because large mismatches between assets and liabilities can lead to volatile income which makes it difficult to manage capital levels and solvency ratios.
ERM concept, framework, and process
Global Methodology - pg. 12
What does ROE mean?
Return on equity. Net income for the period divided by the average equity for the period. It is an effective measure of profitability
ERM concept, framework, and process
Global Methodology - pg. 13
How is liquidity assessed? Why does it matter for a FSR?
1) Analyze key asset and liability classes, available liquid resources, claims frequency and severity, collateral posting, credit downgrade risk, setting of limits, and strength of stress tests
2) Insurers can suffer losses if forced to sell marketable assets at a discount to meet policyholder demands.
ERM concept, framework, and process
Global Methodology - pg. 14
How is capitalization assessed?
1) Capital cushion
2) Financial leverage
3) Fixed-Charge Coverage ratio
4) Capital flexibility
5) Capital generation
ERM concept, framework, and process
Global Methodology - pg. 14
Why does capitalization matter for a FSR?
Capital is used to provide a buffer for losses to ensure the timely payment of the insurer’s obligations (and it retains policyholder, investor, and counterparty confidence).
ERM concept, framework, and process
Global Methodology - pg. 15
What are the 3 main capital instruments? Give a brief description and DBRS’ opinion on them in terms of capitalization assessments.
1) Common equity: best because they can readily be used to absorb losses
2) Preferred shares: great because they can absorb losses, but not as flexibly (dividends are less flexible vs common equity)
3) Hybrid securities: fine because they can be used to meet regulatory requirements, but in practice, they are not able to absorb losses well
ERM concept, framework, and process
Global Methodology - pg. 15
How is the capital cushion assessed?
1) Analyze the insurer’s regulatory solvency ratios (may be multiple, especially if international)
2) Results of stress test studies, especially forward looking ones
3) Analyze the firm’s ability to meet its internal risk and solvency assessment targets
4) Analyze the credit rating of the firm’s reinsurers
5) Evaluate capital structure (% of capital in common equity vs debt, etc)
ERM concept, framework, and process
Global Methodology - pg. 16
How is financial leverage assessed?
The financial leverage ratio = (debt + hybrid securities + preferred shares) / total consolidated capitalization
ERM concept, framework, and process
Global Methodology - pg. 16
What is operating debt?
Debt dedicated to funding an isolated block of policies regarded as having excess reserves. Over time, as the reserve reduces, the released funds are used to pay down the dedicated funding
ERM concept, framework, and process
Global Methodology - pg. 16
What does EBIT mean?
Earnings before interest and taxes
ERM concept, framework, and process
Global Methodology - pg. 17
How is the fixed-charge coverage ratio assessed? Why does it matter for a FSR?
1) EBIT is compared with the quantity of fixed charges (like interest payments on debt and dividends paid to preferred shares)
2) Missing preferred share dividend payments, for example, are considered a financial event and indicate a weakened credit profile
ERM concept, framework, and process
Global Methodology - pg. 17
Why does capital flexibility matter for a FSR?
Having a variety of capital options allows the company to raise capital in the most cost-efficient form
ERM concept, framework, and process
Global Methodology - pg. 17
How is capital generation assessed? Why does it matter for a FSR?
1) Analyze the generation of internal capital, the level and flexibility of dividends paid, and the aggressiveness of share buyback
2) The most flexible form of capital is the capital generated through retained profits
ERM concept, framework, and process
Global Methodology - pg. 17
What is sovereign risk? What are some examples of sovereign risk events?
The impacts on a company from economic and political situations in a country in which it operates. This is a concern because many companies invest in government bonds.
Ex: government interventions, regulatory actions, and currency actions may place hardships on companies
ERM concept, framework, and process
Global Methodology - pg. 19
How does DBRS rate an insurer’s support of branches?
Branches are part of the same legal entity used to extend the geographic reach of the entity, so branches all get the same ratings.
ERM concept, framework, and process
Global Methodology - pg. 22
How does DBRS rate an insurer’s support of subsidiaries?
Assess the importance of the subsidiary to the insurer. Evaluate the extent to which failure to support the subsidiary would have negative implications for the insurer. Evaluate any explicit support provided and the likelihood of implicit support.
ERM concept, framework, and process
Global Methodology - pg. 22
What are the ways an insurer might support a subsidiary?
Capital injections, funding, reinsurance, technical assistance
ERM concept, framework, and process
Global Methodology - pg. 22
What 4 main factors affect the likelihood that an insurer will support its subsidiary?
1) Importance of the subsidiary to the insurer
2) Public sector ownership
3) Contribution of foreign subsidiaries to the insurer
4) Non-insurance subsidiaries
ERM concept, framework, and process
Global Methodology - pg. 22
How can you gauge the importance of a subsidiary to the insurer?
A subsidiary is likely to be important if:
1) they operate in the same country
2) the sub is extensively integrated in the operations of the insurer
3) the names and/or brands are very similar and easily associated
ERM concept, framework, and process
Global Methodology - pg. 22
How does public-sector ownership affect the likelihood that an insurer will support a subsidiary?
If the insurer is publicly owned, support of the subsidiary is less likely if:
1) the subsidiary does not support the public sector
2) the subsidiary is largely independent from the insurer (sponsor)
3) the insurer (sponsor) has limited commitments to the sub
ERM concept, framework, and process
Global Methodology - pg. 22
How does contribution of foreign subsidiaries to the insurer affect the likelihood that the insurer will support its subsidiaries?
If an insurer has significant key international operations, it is more likely to support its international subsidiaries. The insurer’s track record in supporting its subsidiaries and its competency in managing international operations are key considerations here.
ERM concept, framework, and process
Global Methodology - pg. 22
If a subsidiary is not an insurer, how does it affect the likelihood that it will receive support?
Non-insurers are less likely to receive support because the demise of a non-insurance subsidiary may have less of an impact on the insurer. Some non-insurance subs like banking subs, are often exceptions.
ERM concept, framework, and process
Global Methodology - pg. 23
What is a captive?
Captives are insurers owned by the insureds and organized for the main purpose of self-funding the owners’ risks. The shareholders/insureds actively participate in decisions influencing the underwriting, operations, and investments of a captive insurer.
ERM concept, framework, and process
Global Methodology - pg. 24
How does DBRS assess the FSR of a captive?
Typically, the captive will not have a different FSR than the parent because it typically does not have independent operations and is therefore dependent on the parent. The governance and control protocols are reviewed to assess the company’s ability to shield the captive from the financial hardship of the parent.
ERM concept, framework, and process
Global Methodology - pg. 24
What is Solvency II?
Solvency II is a regulation for insurance and reinsurance undertakings in the EU. It has entered into force in January 2016. It aims to protect policyholders and beneficiaries. It has a risk-based approach that assesses the “overall solvency” of insurance and reinsurance undertakings through quantitative and qualitative measures.
ERM concept, framework, and process
CRO Forum - pg. 3
What did insurers have to do because of COVID-19?
1) cope with earnings volatility
2) better understand exposures
3) strengthen online channels
4) optimize product mix
5) prepare for increased insurance fraud
ERM concept, framework, and process
CRO Forum - pg. 3
What does data quality mean?
It refers to data’s “fitness for use.” It is the ability to fulfill the requirements of intended usage of data in a specific situation.
ERM concept, framework, and process
CRO Forum - pg. 3
What is required to ensure effective data quality implementation?
1) Objectives setting
2) Planning
3) Measurement
4) Monitoring
5) Organization
6) Tools management
ERM concept, framework, and process
CRO Forum - pg. 3
What 5 things can a CRO do to get involved in data quality management?
1) Promote a vision on data quality benefits
2) Support the definition of optimal data quality governance
3) Assess data quality value and risk in the objectives setting phase
4) Monitor the actual data quality risk profile
5) Help business management to address data quality risk
ERM concept, framework, and process
CRO Forum - pg. 4
Why can data quality be considered an intangible asset?
They are both non-physical, separately identifiable, controllable, yield an economic benefit when used, capable of generating future benefit, and cost of its production or procurement can be quantified
ERM concept, framework, and process
CRO Forum - pg. 5
What are the data quality dimensions?
Accuracy, completeness, and appropriateness
ERM concept, framework, and process
CRO Forum - pg. 8
How can we determine data accuracy?
1) Data is free from material errors.
2) Data from different time periods used for the same estimation is consistent.
3) Data is recorded in a timely manner and consistently over time.
ERM concept, framework, and process
CRO Forum - pg. 8
How can we determine data completeness?
1) Data includes sufficient historical information to assess the trend and characteristics of the underlying risk.
2) Data is available for all of the relevant model parameters.
3) Data is not excluded from use in an internal model without justification.
ERM concept, framework, and process
CRO Forum - pg. 8
How can we determine data appropriateness?
1) Data is consistent with the assumptions underlying the actuarial and statistical techniques applied in an internal model.
2) Data reflects the relevant risks.
3) Data amount and nature ensure that estimations do not include material errors.
4) Data is collected and processed in a transparent and structured manner according to data definition and quality assessment criteria.
5) Data is updated regularly or whenever circumstances command.
ERM concept, framework, and process
CRO Forum - pg. 8
How should a firm treat data quality?
Data quality should be:
1) be a regular item on the Management Board’s agenda
2) receive ongoing priority attention within the organisation
3) be a structural component of operational management
4) be applied to the processes related to Solvency II reporting and also to the insurer’s operational processes in general.
ERM concept, framework, and process
CRO Forum - pg. 8
What are the 3 types of metadata?
1) business metadata (definition, data classification, data quality rules)
2) technical metadata (technical name, data type, location)
3) governance metadata (data owner)
ERM concept, framework, and process
CRO Forum - pg. 13
What is a data dictionary?
A map of data assets where data is specified including the required metadata
ERM concept, framework, and process
CRO Forum - pg. 13
What are the 3 main data quality committee types?
1) Strategic level
2) Tactical level
3) Operational level
ERM concept, framework, and process
CRO Forum - pg. 13
What are the 3 approaches for valuing an object?
1) Market approach: value = value of identical or similar objects traded in the market
2) Cost approach: value = cost incurred for making or buying an exact copy
3) Income approach: value = total economic benefit created by the object in the future (NPV)
ERM concept, framework, and process
CRO Forum - pg. 17
How can the 3 approaches to valuing objects be used to value data?
1) Market approach: NA as market prices are not given
2) Cost approach: not future-oriented, and doesn’t consider the benefit that data creats
3) Income approach: difficult to calculate (forecast future cashflows created by data)
ERM concept, framework, and process
CRO Forum - pg. 17
Define ERM
ERM…
1) is a continuous process
2) assesses risk from the following perspectives: holistic and standalone, positive and negative, short-term and long-term
3) is concerned with all risks (including those that are unquantifiable)
4) aims to achieve an appropriate risk-reward balance
ERM concept, framework, and process
CIA Practice Doc - pg. 4
What does CaR mean?
1) Capital at risk.
2) The earnings/capital that would be lost if a predefined event occurs.
3) The expected loss of capital given a probability over a specific time period.
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does EaR mean?
1) Earnings at risk
2) The reduction in earnings that would occur if a predefined event occurs.
3) ???? ADD
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does CRO mean?
Chief risk officer. The executive responsible for the risk management of an organization
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What is a contagion?
When one risk event generates another. Financial contagion is the spread of a
financial shock throughout a wider group, such as a financial group, an economy or the world.
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does economic capital mean?
The amount of capital an organization requires to cover its obligations with a
given degree of confidence over a specific time horizon.
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does fungibility mean?
The ability to move funds freely from entity to entity within a group of companies in
order to absorb losses wherever they arise
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does ECM mean? What is its purpose?
1) Economic capital model.
2) A model used to calculate economic capital which is compared to actual available capital to assess capital adequacy.
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does LICAT mean?
Life insurance capital adeqacy test. The Canadian capital framework for life & health insurers.
ERM concept, framework, and process
CIA Practice Doc - pg. 5
What does MCT mean?
Minimumm capital test. The Canadian capital framework for P&C insurers.
ERM concept, framework, and process
CIA Practice Doc - pg. 6
What does ORSA mean? What is its purpose?
Own risk an solvency assessment. It is an organization’s assessment of its risks, capital needs, solvency position, and internal targets.
ERM concept, framework, and process
CIA Practice Doc - pg. 6
What does PESTLE mean?
A framework used to analyze the impact of external factors on an organization. It analyses the exposure of the organization to political, economic, social, technological, legal, and environmental factors
ERM concept, framework, and process
CIA Practice Doc - pg. 6
What does RBC mean?
Risk-based capital. Capital requirements that reflect the risk profile of the financial institutions.
ERM concept, framework, and process
CIA Practice Doc - pg. 6
Define risk appetite
The level and type of risk that an organization is willing to accept in order to achieve its objectives (balancing threats and opportunities)
ERM concept, framework, and process
CIA Practice Doc - pg. 6
Define risk capacity
The extent of risk that an organization is able to support before breaching constraints generally determined by regulatory capital & liquidity needs and its obligations.
ERM concept, framework, and process
CIA Practice Doc - pg. 6
Define risk limit
A threshold to monitor so that actual risk exposure doesn’t deviate too much from the risk target and stays within the organization’s risk tolerance and risk appetite. Exceeding risk limits will typically act as a trigger for management action.
ERM concept, framework, and process
Airmic
Define risk profile
A description of the risk exposures of an organization.
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define risk tolerance
A quantitative description of the max amount of risk that the organization is willing to take regarding a specific risk. It is generally set by the organization in its risk appetite statement.
ERM concept, framework, and process
CIA Practice Doc - pg. 7
What does SaR mean?
1) Surplus at risk.
2) The shift in financial position that would occur if a predefined event occurs.
3) ??? ADD
ERM concept, framework, and process
CIA Practice Doc - pg. 7
What does VaR mean?
Value at risk. The maximum loss that could occur with a specified probability over a given time horizon.
ERM concept, framework, and process
CIA Practice Doc - pg. 7
What does TVaR mean?
Tail value at risk. the expected loss given that an event outside a given probability level has occurred over a given time horizon (a.k.a. conditional tail expectation).
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define agency risk
The risk of loss as a result of an agent’s pursuance of his or her own interests rather than the interests of the principal
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define conduct risk
The risk that firm behaviour will result in poor outcomes for customers
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define emerging risk
A risk that is developing or changing, is difficult to quantify, and may have a major impact. Often associated with a high degree of uncertainty, a lack of data, and are beyond the firm’s control. Like climate change and risk of pandemic.
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define equity risk
The risk of loss associated with exposure to an adverse movement in equity prices
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define inherent risk
The assessed level of raw or untreated risk; that is, the natural level of risk inherent in a process or activity without doing anything to reduce the likelihood or mitigate the severity of a mishap, or the amount of risk before the application of the risk reduction
ERM concept, framework, and process
CIA Practice Doc - pg. 7
Define insurance risk
The risk of loss arising from movement in insurance variables including claim incidence, claim termination and persistency
ERM concept, framework, and process
CIA Practice Doc - pg. 8
Define interest rate risk
The risk of loss associated with exposure to adverse movements in interest rates
ERM concept, framework, and process
CIA Practice Doc - pg. 8
Define investment risk
The risk of loss relative to the expected return of any investment
ERM concept, framework, and process
CIA Practice Doc - pg. 8
Define mortality risk
The risk of loss arising from movements in mortality variables including morbidity and longevity
ERM concept, framework, and process
CIA Practice Doc - pg. 8
Define residual risk
The risk remaining with an organization following its risk management process and internal controls
ERM concept, framework, and process
CIA Practice Doc - pg. 8
What are the 8 key components of an ERM system?
risk…
1) governance
2) culture
3) identification
4) assessment
5) measurement
6) response
7) monitoring
8) reporting
ERM concept, framework, and process
CIA Practice Doc - pg. 8
What is included in the risk governance system of an organization?
1) The assignment of roles and responsibilities
2) The policies and procedures
3) The internal control system
ERM concept, framework, and process
CIA Practice Doc - pg. 9
Explain the 3 lines of defence model for ERM
1) first line is the business units who have the primary responsibility
2) second line is risk management and compliance for oversight
3) third line internal audit for independent review
ERM concept, framework, and process
CIA Practice Doc - pg. 10
When assigning roles and responsibilities for risk governance, what parties should be considered?
1) Board
2) Risk committee
3) CEO
4) CFO
5) CRO
6) Chief actuary or appointed actuary
7) Compliance
8) Internal audit
ERM concept, framework, and process
CIA Practice Doc - pg. 10
What should be included in a risk policy?
1) the organization’s objective with the risk
2) the link to the risk strategy
3) tasks to be performed and how to measure the risk
4) roles and responsibilities
5) reporting procedures
6) escalation process
7) frequency of review of the policy
ERM concept, framework, and process
CIA Practice Doc - pg. 11
Define internal control system
A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
ERM concept, framework, and process
CIA Practice Doc - pg. 12
What are the 5 components of an internal control framework?
1) Control environment
2) Risk assessment
3) Control activities
4) Information and communication
5) Monitoring activities
ERM concept, framework, and process
CIA Practice Doc - pg. 12
Define risk culture
The norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, discuss, and act on the risks the organization confronts and the risks it takes
ERM concept, framework, and process
CIA Practice Doc - pg. 12
What should be considered during product development and pricing?
1) Economic value creation requirements for shareholders
2) Fair treatment of customers
3) Statutory requirements
4) The speed of recouping the investment capital
5) The impact on financials
6) Tail event impact on risk tolerances
ERM concept, framework, and process
CIA Practice Doc - pg. 12
How can an organization monitor risk culture and protect against losses due to risk culture?
1) Measure risk culture through employee surveys testing awareness and views on risk issues
2) To protect against risks that have reputational impacts, organizations can open an anonymous channel for employees to report issues anonymously
3) Organizations can link bonuses to risk-adjusted performance instead of just performance. (Can also defer bonuses to place emphasis on long term risk-adjusted performance rather than short term.)
ERM concept, framework, and process
CIA Practice Doc - pg. 13
What are the components of a risk strategy?
For each risk, list the…
1) objectives
2) principles
3) risk appetite
4) responsibilities
ERM concept, framework, and process
CIA Practice Doc - pg. 13
How do you express a risk tolerance?
Risk tolerance is often expressed in terms of key measures, including:
1) Capital or funding adequacy
2) Earnings or earnings volatility
3) Liquidity
4) Operational risk
ERM concept, framework, and process
CIA Practice Doc - pg. 14
What are the main difficulties that arise when translating organizational risk tolerance into specific risk limits?
1) Technical challenges like projecting future scenarios
2) Availability of data
3) Conflicts between risks and measures (like capital and earnings volatility)
4) Maintaining consistency between BUs and group objectives
5) Interaction of risks and capital
ERM concept, framework, and process
CIA Practice Doc - pg. 15
What operations does risk appetite affect?
1) NB mix/budgeting
2) Capital allocation
3) Asset allocation
4) ORSA or ICAAP
5) liquidity management
6) performance measurement and management
ERM concept, framework, and process
CIA Practice Doc - pg. 16
How does risk appetite affect NB mix/budgeting?
The analysis of risks would often include both new business mix (looking at risk concentrations as well as opportunities to improve diversification) and volumes, taking into account both available capital and risk concentrations.
ERM concept, framework, and process
CIA Practice Doc - pg. 16
List common stakeholders for risk related strategies
1) Regulators
2) Investors
3) Board of directors
4) Senior management
5) Bond holders
6) Credit rating agencies
7) Customers
8) Plan participants
ERM concept, framework, and process
CIA Practice Doc - pg. 16
How are risks categorized?
Identify the cause, the event, and the adverse impact of a risk
ERM concept, framework, and process
pg. 18
What should be included in a risk assessment report?
1) Detailed description of risk
2) Consequences of risk
3) Categorization of risk
4) Likelihood and impact of risk
5) Assessment of the effectiveness of controls and mitigation strategies
6) Assessment of residual risk
7) Actions required
ERM concept, framework, and process
CIA Practice Doc - pg. 20
How should a risk measure be chosen?
1) Objective of analysis. Different measures are better suited for some objectives.
2) Stakeholders. Complex measures will require actuaries to spend time educating others.
3) Data and modeling limitations. Is the amount of effort for the measure worth the benefit?
ERM concept, framework, and process
CIA Practice Doc - pg. 21
Why might one use TVaR instead of VaR?
When the loss distribution is heavily skewed
ERM concept, framework, and process
CIA Practice Doc - pg. 23
Why might pure risk measures be more appropriate than risk adjusted measures?
Pure risk measures are more constraining, so they should not be ignored. (Ex: mortality risk before vs after reinsurance.) If both pure and adjusted risk measures fall within limits, risk adjusted measures can be used to compare candidate strategies.
ERM concept, framework, and process
CIA Practice Doc - pg. 24
What is a simple factor model? Give an example
1) The simplest form of model that can be used to measure risk. A prescribed factor is multiplied by a known base amount to estimate the amount of risk.
2) Ex: When measuring asset default risk, ratings-specific credit default charges are applied to the value of assets held.
ERM concept, framework, and process
CIA Practice Doc - pg. 25
What is a standard shock? Give an example.
1) A risk measurement that assesses the financial impact of a prescribed risk factor stress.
2) Ex: To assess mortality risk, you can calculate the financial impact of a 15% increase to BE mortality rates.
ERM concept, framework, and process
CIA Practice Doc - pg. 25
What’s the difference between standard shock and own shock?
Instead of using a prescribed stress test, an organization can run their own stress tests.
ERM concept, framework, and process
CIA Practice Doc - pg. 25
What is a partial model?
1) A model used to measure a risk.
2) It can be based on a probability distribution or a distribution of scenarios, determined stochastically or deterministically.
3) It can be used in conjunction with other models for other risks to get an aggregate measure of the organization’s risks.
ERM concept, framework, and process
CIA Practice Doc - pg. 25
What’s the difference between a full model and a partial model?
1) A full model measures all of an insurer’s risks.
2) A multivariate probability distribution can be used to measure all risks simultaneously. Or each risk can be modelled separately, then aggregated using copulas.
ERM concept, framework, and process
CIA Practice Doc - pg. 25
How are market risks modelled?
Market risks depend on external economic factors which are often measured using stochastic models (which may make use of sub-models like economic scenario generators).
ERM concept, framework, and process
CIA Practice Doc - pg. 26
How are credit risks modelled?
1) Simple factor models are often used. Ratings-specific credit default charges are applied to the corresponding asset values or exposures.
2) Stochastic models can also be used to define prob of default and loss given default.
ERM concept, framework, and process
CIA Practice Doc - pg. 26
What are biometric risks?
Mortality, morbidity, and longevity risks
ERM concept, framework, and process
CIA Practice Doc - pg. 26
How are biometric risks modelled?
1) Simple factor models, stress tests, or more sophisticated stochastic models
2) Since biometric risks are long-term in nature, the stress tests and models are usually cashflow projection models which could include stochastic elements.
ERM concept, framework, and process
CIA Practice Doc - pg. 26
What are examples of behaviour risks?
Persistency, contribution patterns, exercise of embedded options, management expenses
ERM concept, framework, and process
CIA Practice Doc - pg. 27
What is maturity risk?
Organizations like public pension plans adopt investment strategies that align with the current risk profile and ability to bear risk. Maturity risk is the risk that demographic shifts cause risk profile shifts such that the org is unable to bear the risks required to achieve its objectives.
ERM concept, framework, and process
CIA Practice Doc - pg. 27
How are operational risks modelled?
Quantifying operational risks is very subjective, so a subjective scenario-based approach is often used, relying on the opinions of experts.
ERM concept, framework, and process
CIA Practice Doc - pg. 27
How can a firm decide on a risk aggregation approach?
Factors to decide may include:
1) computing power
2) end-user education
3) complexity vs accuracy tradeoff
ERM concept, framework, and process
CIA Practice Doc - pg. 28
Why does ORSA require forward assessment of risk and capital information?
Projection of risk and capital info within the business plan helps to ensure that strategic decisions made by senior management consider the future implications on risk and capital. (The time horizon is usually 3 to 5 years, or whatever is consistent with other business plan metrics.)
ERM concept, framework, and process
CIA Practice Doc - pg. 28
What does SST mean? What is its purpose?
Stress and scenario testing. It is used to understand what happens if the external economic and internal business environments are not stationary (like many models assume).
ERM concept, framework, and process
CIA Practice Doc - pg. 30
What 3 things will a robust SST framework test?
1) The adequacy of resources held within a business
2) The validity of current strategic business plans and risk appetite
3) The appropriateness of some aspects of resolution and recovery plans
ERM concept, framework, and process
CIA Practice Doc - pg. 30
What 5 things can SST do in the ERM process?
1) Assist in determining risk appetite
2) Strategic decision making
3) Model validation
4) Compliance with accounting requirements
5) Interactions with regulators
ERM concept, framework, and process
CIA Practice Doc - pg. 31
How can SST assist in determining risk appetite?
SST can help management understand the reasonability of risk limits by showing what conditions would result in risk exposure measures that exceed those limits.
ERM concept, framework, and process
CIA Practice Doc - pg. 31
What is reverse stress testing?
The process used to back-solve the required stress and/or scenario events that will produce a specific adverse business outcome.
ERM concept, framework, and process
CIA Practice Doc - pg. 32
What are the 4 ways that variables can be related?
1) Immediate dependency (direct immediate causal relationship)
2) Time-lagged dependency (delayed causal relationship)
3) Feedback dependency (variables interact with each other over time)
4) Phase-shift dependency (one variable affects another only after a change has reached a threshold)
ERM concept, framework, and process
CIA Practice Doc - pg. 33
What factor must you remember to consider when mitigating or sharing risks?
Remember that mitigating and sharing risks often creates or increases other forms of risk
ERM concept, framework, and process
CIA Practice Doc - pg. 37
What qualities does risk management information need to have to be valuable?
1) Timely
2) Comprehensive
3) Consistent
4) Accurate
5) Auditable
6) Forward-looking
ERM concept, framework, and process
CIA Practice Doc - pg. 40
What items are required in an ORSA?
1) Assessment of the adequacy of risk management, current and future solvency position, capital resources
2) Comprehensive of all material risks
3) Determination of the financial resources needed to manage its business
4) Analysis of the ability to continue in business and meet capital requirements
Capital Management
CIA Practice Doc - pg. 44
What items are included in FCT?
1) Development of a base scenario
2) Analysis of the impact of adverse scenario
3) Identification and analysis of the effectiveness of various corrective actions
4) Results and recommendations
5) Appointed Actuary’s opinion and sign off
Capital Management
CIA Practice Doc - pg. 44
What are the pros and cons of standard deviation?
Pro: easy to understand
Con: Not a coherent risk measure because it fails the monotonicity criteria and variance fails the sub-additivity criteria
Con: Doesn’t describe the entire distribution. Skewness and kurtosis are often needed to help explain the tail (the most important part of the distribution).
ERM concept, framework, and process
CIA Practice Doc - pg. 47
What are the pros and cons of VaR?
Pro: easy to understand
Con: Not a coherent risk measure because it fails the sub-additivity criteria
Con: Doesn’t describe the tail of the distribution
ERM concept, framework, and process
CIA Practice Doc - pg. 47
What are the pros and cons of TVaR?
Pro: Coherent risk measure
Con: Describes the tail of the distribution
Con: Difficult to calculate
ERM concept, framework, and process
CIA Practice Doc - pg. 48
How can we define a firm’s willingness to bear risk?
1) The desire or aversion to pursue opportunities in an uncertain business environment
2) How much volatility around an expected outcome is tolerable (in terms of capacity, regulatory compliance, ethics, reputation, and alternative costs)
ERM concept, framework, and process
Airmic
Order these risk concepts from most general to most specific: appetite, capacity, limit, target, tolerance.
1) Risk capacity (org level, max risk)
2) Risk appetite (org level, desired)
3) Risk tolerance (risk level, max risk)
4) Risk target (risk level, desired)
5) Risk limit (threshold to monitor and trigger management action)
ERM concept, framework, and process
Airmic
Define risk target
The optimal level of risk that an organization wants to take regarding a specific risk in pursuit of a specific business goal
ERM concept, framework, and process
Airmic
What qualities should a risk appetite statement have?
Risk appetite statement should be:
1) Comprehensive
2) Measurable, practical, and achievable
3) Consistent and coherent
ERM concept, framework, and process
Airmic
How does risk appetite support decision-making?
1) Identify business objectives
2) Understand baseline risk management maturity
3) Define risk appetite
4) Integrate risk appetite into decision-making through performance targets
5) Specify monitoring, reporting, and review processes
6) Implement continuous improvement processes (including regular review of risk appetite)
ERM concept, framework, and process
Airmic
What factors might influence an organization’s risk appetite?
1) Economic cycles
2) Competitor activities
3) Capital availability
4) Terms and conditions of borrowed capital
5) Diversification opportunities
6) Insurance market conditions
7) Stakeholder and societal demands
8) Compliance requirements
9) The organization’s own ROI targets and capital requirements
ERM concept, framework, and process
Airmic
How do you make a risk appetite statement?
1) Define scope and objectives of statement
2) Define principles of governance (which roles are involved and how their inputs are used)
3) Set review intervals
4) Link risk appetite to objectives, strategies, and KPIs
5) Use appropriate language for the org (like a taxonomy)
6) Ensure consistency with other risk management guidance
ERM concept, framework, and process
Airmic
How does OSFI’s risk assessment process work?
1) Evaluate the inherent risk within each significant activity of the insurer and the quality of risk management
2) Determine the level of net risk for each activity and direction (decreasing, stable, increasing)
3) Calculate ONR
4) Develop a Composite Risk Rating (with direction) for the insurer, after assessing earnings, capital, and liquidity in relation to ONR
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 2
What does ONR mean?
1) Overall net risk. OSFI calculates the overall net risk of an insurer as part of the risk assessment process.
2) It is a consolidated assessment of the potential adverse impact that the significant activities collectively could have on the insurer’s earnings performance and adequacy of capital.
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 2
What are the OSFI capital guidelines and who are they for?
1) MICAT (mortgage insurer capital adequacy test) for mortgage insurers
2) MCT (minimum capital test) for P&C insurers that aren’t mortgage insurers
3) LICAT (life insurance capital adequacy test) for life insurers
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 3
Under LICAT, what are the capital resources and the capital requirements?
1) Capital resources are the qualifying regulatory capital.
Total = Available capital + surplus allowance (SA) + eligible deposits (ED)
Core = Tier 1 capital + 70% of SA + 70% of ED
2) Capital requirement is the amount of regulatory capital needed to support the insurer’s risks. Base Solvency Buffer.
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 3
What are the capital triggers OSFI has in place?
1) Minimums: the minimum levels of capital necessary for an insurer to cover its risks. (Falling below the minimums would raise major concerns)
2) Supervisory Target: the target levels of capital for an insurer to cover its risks and provide a margin for other risks. (Falling below the targets is an early warning signal and would trigger intervention)
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 4
How are the minimums and supervisory targets calculated for LICAT?
1) Total:
Min is 90% of capital requirement
Target is 100% of capital requirement
2) Core:
Min is 55% of capital requirement
Target is 70% of capital requirement
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 5
Why should an insurer not solely rely on OSFI’s capital regulations?
The minimums and supervisory targets are based on simplifying assumptions applied to the entire industry. Insurers should conduct an ORSA to determine its own, specific capital needs.
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 5
What does internal taget mean?
The target levels of capital determined as part of an insurer’s ORSA. OSFI expects internal targets for total capital and core capital, and they should be set above the supervisory targets. OSFI should be notified when an insurer changes its Internal Targets.
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 6
What does capital management mean?
It is the on-going process of determining and maintaining the quantity and quality of capital that is appropriate to support an insurer’s planned operations.
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 6
What are the purposes of capital?
1) Maintain financial strength
2) Absorb losses
3) Support growth opportunities
4) Provide assets to meet obligations in the case of insolvency
ERM concept, framework, and process
OSFI Guideline A-4 - pg. 7
What 3 focuses does risk appetite have?
1) Protecting and creating value for the business by allowing management to make informed decisions to maximize risk-adjusted returns.
2) Ensure consistency between risk appetite and risk limits. (2008 financial crisis showed that many firms had risk limits higher than appetite)
3) Integrating into the corporate culture to guide risk-taking operations
ERM concept, framework, and process
Risk App. Link Report - pg. 7
What items should be included in a risk appetite statement?
1) Enterprise risk tolerance. The aggregate amount of risk the company is willing to take, expressed in terms of the following targets: capital adequacy, earnings volatility, and credit rating.
2) Risk appetite for each risk category
3) Risk limits for each risk category
ERM concept, framework, and process
Risk App. Link Report - pg. 11
What are the common quantitative and qualitative risk measures?
Quantitative: VaR and TVaR (for capital and earnings)
Qualitative: lowest desired credit rating, risk preferences (like not doing business in a certain region), and franchise value (from changes in publicity and reputation)
ERM concept, framework, and process
Risk App. Link Report - pg. 12
What is the purpose of backtesting? How does it work?
1) Quantitative risk measures are very sensitive to assumptions and model risk, so model validation can be difficult.
2) Tail risk events are rarely experienced in a lifetime, so it can be impossible to test the credibility of the risk measures against reality.
3) Solution: backtest the risk measures against reality. Ex: Use 80% CaR and test it against the past 5 years of experience, for example.
ERM concept, framework, and process
Risk App. Link Report - pg. 15
What are the steps to making a risk appetite statement?
1) Bottom-up analysis of the company’s risk profile
2) Interviews with the board to set risk tolerance
3) Alignment of risk appetite with the company’s goal and strategy
4) Finalize statement and get board’s approval
5) Establish risk policies, risk limits, and risk monitoring processes consistent with appetite
6) Communicate with senior management?
ERM concept, framework, and process
Risk App. Link Report - pg. 16
What are some risk limits that can be set for market risk?
1) Asset allocation limits
2) Foreign exchange limits
3) Fixed income securities duration limits
4) Asset liability mismatch limits
ERM concept, framework, and process
Risk App. Link Report - pg. 19
What risks are components of insurance risk?
1) underwriting risk
2) mortality risk
3) morbidity risk
4) lapse risk
5) expense risk
ERM concept, framework, and process
Risk App. Link Report - pg. 21
What risk limit can be set for insurance risks? How can it be calculated and monitored?
A/E ratio. To set the limit, calculate the expected payment under a stress event and divide by the expected payment under best estimate assumptions. To monitor, compare A/E ratios from regular experience studies to the A/E ratio limit.
ERM concept, framework, and process
Risk App. Link Report - pg. 21
What risk limit can be set for catastrophe risk?
NAR (net amount at risk). It is the sum assured minus the reserve. It is the additional amount that must be paid in excess of what has been reserved.
ERM concept, framework, and process
Risk App. Link Report - pg. 22
What is concentration risk?
The risks caused by a dominating position in a risk category, product line, distribution channel, or asset class.
ERM concept, framework, and process
Risk App. Link Report - pg. 23
What risk limit can be set for terrorism risk?
A limit on the concentration of policyholders’ locations
ERM concept, framework, and process
Risk App. Link Report - pg. 23
What are some things a firm can do to manage operational risk?
Brand management, anti money laundering, and compliance policies are examples of reputation and legal risk management.
ERM concept, framework, and process
Risk App. Link Report - pg. 23
Why is it important to set a reasonable diversification benefit assumption?
In tail events, the correlation between risks can increase quickly. Ex: Low interest rates, high credit risk, and widespread panic among investors (a financial crisis) can happen in many countries at the same time and deplete a firm’s capital. Therefore, a firm must quantify diversification benefit.
ERM concept, framework, and process
Risk App. Link Report - pg. 24
What are the ways of quantifying diversification benefit, and what risks are they commonly used for?
1) Correlation matrix approach: for different risk categories and geographic regions (like market and insurance risk)
2) Copula approach: same as correlation matrix
3) Structured scenario approach: for different risk factors within the same risk category (like interest, equity, and FX risks) because this method can build the causal relationship into scenario generation.
ERM concept, framework, and process
Risk App. Link Report - pg. 24
How does the correlation matrix approach work for quantifying diversification benefit?
1) Assume linear correlation, and use a correlation matrix to aggregate the value distributions or certain percentiles of different risk factors.
2) Different matrices can be used for different percentiles to reflect higher correlation in tail events.
ERM concept, framework, and process
Risk App. Link Report - pg. 24
How does the copula approach work for quantifying diversification benefit?
1) Assume joint distribution (not linear) based on marginal distributions and a copula function.
2) This allows better modelling of tail events where higher correlations were seen than in normal circumstances.
ERM concept, framework, and process
Risk App. Link Report - pg. 24
How does the structural scenario approach work for quantifying diversification benefit?
Use stochastic global scenarios that include all risk factors. The correlations between risk factors are incorporated in the scenarios. Asset and liability portfolios are assessed under the scenarios to obtain the value distribution.
ERM concept, framework, and process
Risk App. Link Report - pg. 24
What does SAA mean?
Strategic asset allocation is used to determine a long-term policy portfolio reflecting the desired systematic risk exposure
ERM concept, framework, and process
Risk App. Link Report - pg. 25
What does TAA mean?
Tactical asset allocation specifies the allowable deviation from SAA to take advantage of short-term market opportunities.
ERM concept, framework, and process
Risk App. Link Report - pg. 25
As a return objective, what is the minimum return?
A statutory rate set by actuarial assumptions to fund statutory reserve. Assets chosen are based on the duration matching strategy.
ERM concept, framework, and process
Risk App. Link Report - pg. 25
As a return objective, what is the enhanced margin?
Competitive return earned to fund a well-defined liability and a reasonable profit.
ERM concept, framework, and process
Risk App. Link Report - pg. 25
What is disintermediation risk?
Disintermediation risk increases when interest rates increase because policyholders lapse their annuities in favour of products with higher returns which causes large cash outflows and decreasing liability duration.
ERM concept, framework, and process
Risk App. Link Report - pg. 25
What is reinvestment risk?
Reinvestment risk increases when interest rates decrease because it may be impossible to reinvest cashflows at their current rate of return (lower return is more likely)
ERM concept, framework, and process
Risk App. Link Report - pg. 25
What is a hard market? A soft market?
1) Hard markets come after catastrophic events. The price of insurance coverage and the demand both increase.
2) Soft markets come several years after a catastrophic event. The event is gradually forgotten, so demand and price of insurance decreases.
ERM concept, framework, and process
Risk App. Link Report - pg. 32
What are the ways of calculating capital allocation? Briefly describe them.
1) A statutory required capital framework is prescribed by regulators. They lack granularity which may produce inaccurate estimations of a firm’s risk exposure.
2) A rating agency’s model helps to understand the capital requirement to maintain the target credit rating, but also lacks granularity.
3) An economic capital framework is specific to the firm, but cannot be used exclusively as the constraints from regulators and rating agencies still exist.
ERM concept, framework, and process
Risk App. Link Report - pg. 34
What event does a required liquidity calculation usually include?
The impact that a credit rating downgrade would have on available liquidity. Mass lapses typically occur when a firm is downgraded.
ERM concept, framework, and process
Risk App. Link Report - pg. 39
How are interest rate risk and downgrade risk related?
When a downgrade happens in a credit crisis, bond yields will normally increase as the credit spread widens. For portfolios with short durations, the correlation might be 0.5. For portfolios with long durations, the correlation might be 0 (conservative assumption).
ERM concept, framework, and process
Risk App. Link Report - pg. 41
What 3 performance measures can be used in managers’ performance scores to keep a healthy risk culture?
1) The gap between risk profile and risk appetite. (For senior mngmnt, this would be at the enterprise risk level. At the BU level, risk limits would be used. Of course, people should not be penalized for changes in economics.)
2) Actual vs expected RAROC
3) Actual vs expected risk-adjusted value added
ERM concept, framework, and process
Risk App. Link Report - pg. 44
What does MCEV mean?
1) Market consistent economic value.
2) It represents the PV of shareholders’ interests in the earnings distributable from assets allocated to the covered business after sufficient allowance for the market price for risk (where reliably observable).
3) Calculated as EVA + cost of capital (for life insurers)
ERM concept, framework, and process
Risk App. Link Report - pg. 45
How can MCEV be calculated?
1) Balance sheet approach
2) Earnings approach
ERM concept, framework, and process
Risk App. Link Report - pg. 46
What is a replicating portfolio or risk-minimizing portfolio?
A benchmark to measure the performance of business managers (includes insurance and operation risks). It uses the available liquid assets in the market to replicate the value and sensitivities of liability.
ERM concept, framework, and process
Risk App. Link Report - pg. 47
What 5 elements are required in an ORSA?
1) Comprehensive identification and assessment of risks
2) Relating risk to capital by setting internal targets (total capital and core capital for life insurers)
3) Oversight (risk management process)
4) Monitoring and reporting
5) Internal controls and objective review of the ORSA process
OSFI Guideline E-19
What does OSFI mean when it expects a “comprehensive identification and assessment of risks” in an ORSA?
An insurer’s ORSA should identify, define and assess the materiality of all known, reasonably foreseeable, emerging and other relevant risks that may have an impact on an insurer’s ability to continue operations, in both normal and stressed situations.
OSFI Guideline E-19
What are the important items to remember when giving a comprehensive identification and assessment of risks in an ORSA?
1) Include all risks, even those not captured in the regulatory capital framework and those that are difficult to quantify.
2) Include non-material risks that, when combined with other non-material risks, become material. Check that previously immaterial risks are still immaterial.
3) Document underlying assumptions, processes, and key considerations with regard to the drivers, the assessment, measurement, and mitigants in place for each risk.
OSFI Guideline E-19
Why does an insurer hold capital?
1) To reduce the likelihood of insolvency
2) To meet regulations
3) To achieve the target credit rating
4) To support business operations
5) To support business growth
OSFI Guideline E-19
Why does senior management need regular reports on risks and capital?
Regular reports are needed to…
1) Evaluate the level and trend of material risks
2) Evaluate the sensitivity and reasonableness of assumptions
3) Check that the insurer holds sufficient capital
4) Evaluate the adequacy of capital using stresses and scenarios
5) Assess future capital needs (e.g. dividend plans, issuance/retirement of capital instruments and capital fungibility constraints) and make any adjustments to the insurer’s strategic, capital and other plans, as necessary
OSFI Guideline E-19
What does OSFI use an insurer’s ORSA for?
OSFI reviews the ORSA and determines whether or not it is consistent with OSFI’s assessment of the insurer’s risk appetite and profile. OSFI does not approve the ORSA or tell the insurer how to perform or use the ORSA.
OSFI Guideline E-19
