Mod 06: External risk frameworks (Advisory and proprietary) Flashcards
State the distinguishing principles embedded in the UK Government’s RM framework (‘The Orange Book’)
Principles embedded in ‘The Orange Book’
Key principles of this framework that distinguish it from others include:
1. the importance of linking risks to objectives
2. the distinction between the risk and its impact
3. the need to distinguish inherent and residual risks
4. prioritisation of risks is more important than quantification
5. risk appetite should be subdivided into corporate, delegated and project
6. the importance of regular reviewing and reporting
7. a dedicated risk committee is recommended.
Outline the four elements of Canada’s Integrated RM Framework
Elements of Canada’s RM Framework
1. Developing the corporate risk profile
−the importance of the establishment of a comprehensive understanding of an organisation’s risk profile, appetite and tolerance
−the need to establish the interdependent relationship between the organisation and its operating environment
2. Establishing an integrated risk management function (RMF)
− focus on the RMF and the integration of RM activities
3. Practising integrated RM
4. Ensuring continuous RM learning
−the value of a continuous and supportive learning environment the
State the distinguishing principles embedded in AS/NZS 4360
Principles embedded in AS/NZS 4360
AS/NZS 4360 is a best practice Risk Management Standard published by Standards Australia. It sets out a seven-element process (including a SWOT analysis).
Key principles of this framework include:
1. the detail on risk analysis for non-financial organisations (which can be useful for considering operational risk for financial organisations)
2. the recommendation that the risk management process is formulated into a risk management plan
3. the stressing of the importance of senior management buy-in
4. the need for adequate resources being allocated to risk management.
Outline ISO 31000, including the distinguishing characteristics
ISO 31000
- the global Risk Management Guidance Standard issued by the International Organization for Standardization
- its objective is to provide generic guidelines for the principles underlying best practice risk management
- it does not deal with specific risks or sectors
Three distinguishing characteristics are:
1. emphasis on the possibility of an effect, rather than the possibility of an event
2. focus on how such effects could affect objectives
3. viewing the risk framework as being dynamic – developing through a continuous cycle (akin to the Actuarial Control Cycle).
Outline the key features of the RAMP process
RAMP
1. mainly concerned with capital projects
2. can be made relevant to day-to-day business by regarding the business as a portfolio of projects
3. similar to AS/NZS 4360 process but also covers:
- project launch and closedown stages
-a go/no-go decision step
Outline the S&P approach to credit rating
The S&P approach to credit rating
S&P’s ratings of creditworthiness are a subjective combination of factors arising from its rating framework, which consists of three elements:
1.sovereign risk analysis, eg taxation, currency control
2. business risk analysis, eg industry prospects, diversification, competitive strength, management quality
3. financial risks, eg profit level, cashflow, capital structure and flexibility.
Within the above framework ERM capability is categorised into weak, adequate, strong or excellent. The significance of ERM capability within the overall credit rating for insurance companies depends on two features:
1. how complex the risks are that the insurer accepts
2. how easily the insurer can access capital.
List the five main areas that are measured by S&P in order to assess ERM capability
Five areas measured when assessing ERM capability
There are five main areas that are measured in order to assess the ERM capability:
- risk management culture
- risk control
- extreme event management
- risk models and capital models
- strategic risk management.
Outline how S&P assess an insurer’s risk management culture
Assessment of risk management culture
S&P define risk management culture to be the degree to which risk and risk management are important considerations in all aspects of corporate decision making.
The dimensions that S&P considers are:
1. its philosophy towards risk and its risk appetite
2. the governance and organisational structure of the risk management function
3. the external and internal risk and risk management disclosures and communications
4. the degree to which there is understanding and participation in risk management across the company.
For each of these, S&P has developed a suite of favourable and non-favourable indicators.
Outline how S&P assess an insurer’s risk control
Assessment of risk management control
The control mechanisms for key risks will be assessed, considering:
1) how well the company’s risk identification procedures are carried out
2. how well risks are monitored on an ongoing basis
3. the limits set for retained risks, how these limits will be adhered to and the consequences or actions taken when limits were not met
4. the execution of the risk management processes.
For each of these, S&P has developed a suite of favourable and non-favourable indicators.
For each insurance company, S&P develops an opinion as to the most important risks of the insurer, in particular those that are of high concern across the insurance industry, such as equity risk from embedded guarantees, concentration and event risk, and IT data security risk.
Outline how S&P assess an insurer’s extreme event management
Assessment of extreme event management
Extreme events are low frequency, high-impact events that can seriously affect an insurer’s financial health.
S&P look for evidence that the insurer:
1. considers various possible events, eg terrorism, natural disasters
2. adopts an appropriate course (eg scenario or sensitivity testing) to measure the potential impact (on the company’s reputation, liquidity and overall financial strength)
3. uses tools such as early-warning indicators and catastrophe insurance to mitigate risk
4. carries out ‘post-mortem’ analyses and feeds back into contingency plans
5. performs extreme event management regularly but not in a routine checklist manner.
Outline what is meant by indicative, predictive and sensitivity risk measures
Indicative, predictive and sensitivity risk measures
Indicative measures – give a broad indication of the trend in a risk, eg sums assured, premiums earned, values of assets, staff turnover. They might be obtained directly from accounting, administrative or underwriting systems.
Predictive measures – measure risk directly or indirectly in relation to a loss at a particular percentile of a distribution, eg Value at Risk, expected shortfall. They can be estimated using complicated and powerful simulation models (deterministic or stochastic).
Sensitivity measures – return the sensitivity of a value to a change in an underlying factor, eg duration, convexity, the Greeks. They can be obtained via closed-form calculations or stochastic simulation models.
Outline how S&P assess an insurer’s risk and capital models
Assessment of risk and capital models
S&P might perform assessments of:
1. the range, quality, and use of indicative, predictive and sensitivity risk measures
2. whether the risk measures are consistent with the complexity / usage
3. the appropriateness of the choice of projection approach
4. the degree to which the models reflect all important risks and operational issues (eg assumptions, procedures, validation)
5. the consistency between models / ability to aggregate risk
6. whether a single model or separate models are used
7. modification of any standard formulae used
8. the degree to which economic capital is used actively in day-to-day management, business planning and strategic decision making.
Outline features of strategic risk management that S&P would view positively
Positive strategic risk management
- clear decision making regarding retained risks (eg avoid, diversify)
- clear asset investment strategy (eg by class, sector, country)
- pricing reflects clear standards for risk / return payoff
- appropriate capital allocation
- justifiable dividend policy linked to RAROC
- director / employee remuneration linked to RAROC
List the strengths of the S&P approach
Strengths of the S&P approach
- emphasis on Enterprise Risk Management, ie not in silos
- focus on the use of economic capital or risk capital measures
- relating performance to risk choices and tolerances
- useful breakdown of ERM analysis into components
- encouragement of greater transparency of ERM practices
- introduction of a classification system to facilitate communication
- common criteria applied to all insurance companies, but also tailored to each one (although limited details on how this is done)
- argued that a high rating may help organisations attract and retain customers who are increasingly sophisticated
List the weaknesses of the S&P approach
Weaknesses of the S&P approach
- reflects views of S&P only, not credit rating agencies generally
- limited to insurance and reinsurance companies
- hard to assess the approach objectively as:
−limited description given of actual procedures and measures
− the strengths (above) are derived from the company’s marketing literature, and the tone could be argued to be overly optimistic - no explicit mention of agency risk
- ‘complicated and powerful simulation models’ used will be highly subjective and are problematic (eg model risk)
- unclear impact – ie did the adoption of this formalised approach to RM assessment have any significant impact on S&P’s views?
- there are other viewpoints – eg the company may well have a better understanding of its risks than a rating agency
