Module 7: Risk frameworks (proprietary)

Question 1

Proprietary risk framework

Answer 1

A proprietary risk framework is one used by an organisation for a specific purpose, eg to determine a credit rating.

Question 2

Credit rating agency

Answer 2

A credit rating agency provides ratings on both

• specific debt issues, and
• issuing company.

Purpose is to:

• enable the issuer to borrow more cheaply.
• be a broad indication of the CREDIT-WORTHINESS of a company.

They use a combination of quantitative and qualitative assessments relating to

• the COUNTRY,
• the INDUSTRY
• the COMPANY
• the DEBT ISSUE itself.

A company’s ERM capability is becoming an increasingly important component of the ratings process.

Question 3

3 Major credit rating agencies

Answer 3

• Fitch
• Moody’s
• Standard and Poor’s (S&P)

Question 4

3 Analyses carried out by Standard and Poor’s

Answer 4

• SOVEREIGN risk analysis
  eg taxation, currency control
• BUSINESS risk analysis
  e. g. industry prospects, lack of diversification, diseconomies of scale, competitive strength, operational risks, management quality and structure.
• FINANCIAL risk analysis
  eg profit level, cashflow, capital structure and flexibility.

Question 5

The S&P framework categorises an insurance company’s ERM capability as being (4)

Answer 5

• weak
• adequate
• strong
• excellent

Question 6

The contribution of S&P’s ERM framework classification to the overall credit rating depends on (2)

Answer 6

• complexity of the risks faced

- amount of AVAILABLE CAPITAL and ease of access to (ie capability to absorb risks)

Question 7

5 Main areas that are evaluated by S&P to assess the ERM capability of a company

Answer 7

1. risk management culture
2. risk control
3. extreme event management
4. risk models and capital models
5. strategic risk management

Question 8

Key strength of the S&P ERM framework

Answer 8

Encourages good ERM practices, such as

• analysing risks HOLISTICALLY,
• linking STRATEGIC decision making to risk management and
• TRANSPARENCY.

Question 9

Key weakness of the S&P ERM framework

Answer 9

It applies to (re)insurance companies only and represents only the opinion of S&P.

Question 10

Outline what is meant by a credit rating

Answer 10

A credit rating is issued by a credit rating agency as an indication of CREDITWORTHINESS (or lack thereof).

Investors often use these credit ratings to assess the security of debt.

Ratings may be assigned to both:

• the ISSUER of the debt (an individual, company or country), and
• the particular ISSUE itself.

Question 11

Outline the shortcomings of credit ratings

Answer 11

Ratings agencies are paid by the debt issuer.

There is thus a potential conflict of interest.

Question 12

Two features of an insurer’s business that determine the significance of the categorisation of ERM

Answer 12

1. COMPLEXITY OF THE RISKS that the insurer accepts
   (where a complex risk is one that can change significantly in a short period, such as long-term contracts that cover multiple contingencies)
2. The amount of available capital and ease of access to it, ie capability to absorb risk (as has been seen in the banking sector recently, this access to capital can dry up quite quickly in poor market conditions).

Question 13

Outline how S&P assess risk management culture

Answer 13

There are a variety of indicators of positive risk management culture, such as

• the COMMUNICATION of risks through all levels of the company,
• the DOCUMENTIN and analysis of past errors
• the CONSISTENCY of risk management across all parts of the business
• the INCENTIVISING of good risk management practices within the firm

S&P also evaluate

• governance structure
• risk tolerance statements
• capabilities of individual risk managers

Question 14

Outline 6 positive features S&P will look for in an organisation’s approach to strategic risk management

Answer 14

S&P will look for 6 positive features:

1. Clear DECISION-MAKING with regards to the retained risks within the company and whether the company’s business should be refocused to avoid or diversify these risks.
2. A clear STRATEGY for investing assets owned by the company, with particular focus on the allocation across broad categories (equities / bonds) and across countries.
3. PRICING of products that reflects the risk / return payoff and clear standards set for the risk / reward profiles that are acceptable to the company.
4. Appropriate CAPITAL ALLOCATION between the different business units based on the capital model.
5. An appropriate DIVIDEND POLICY, which is influenced by the level of risk-adjusted return on retained capital - a strong company will be able to discuss how the dividend decision was made.
6. Good RISK-ADJUSTED RETURNS should be rewarded within the company.

Question 15

Outline what S&P consider when assessing an organisation’s control mechanisms for key risks

Answer 15

The control mechanisms for key risks will be assessed, considering:

• how well the company’s risk identification procedures are carried out
• how well risks are monitored on an ongoing basis
• the limits set for retained risks, how these limits will be adhered to and the consequences or actions taken when limits were not met
• the execution of the risk management processes.

Question 16

Outline what aspects of an organisation’s models S&P will review

Answer 16

S&P will review the 
- models used, 
- inputs,
- assumptions and 
- modelling formulae 
when assessing a company's capabilities in this area.

S&P regard a good model as being one which is consistent across all business areas, and all business regions.

S&P looks at modification of any standard formulae used for appropriateness to the particular business lines in which the company operates.

Question 17

Outline how S&P will assess an organisation’s extreme event management capability.

Answer 17

Extreme events are low frequency, high-impact events that can seriously affect the company’s financial health.

The company must prove that it considers various possible events such as terrorism, natural disaster, reputational incidents, etc, then adopts an appropriate course to measure the potential impact and prepare for the event.

Stress testing and scenario analysis may play a part in measuring such events.

Early-warning indicator reporting and catastrophe insurance are potential risk mitigators.

Question 18

8 Strengths of the S&P criteria

Answer 18

• overall emphasis on Enterprise Risk Management, ie doing risk management of all important risks together, rather than having a separate silo for each risk.
• focus on the use of economic capital or “risk capital” measures
• consideration of operational performance in light of the risk choices and tolerances
• useful breakdown into components of ERM analysis, which can be helpful to organisations when implementing their own ERM processes
• encouragement of greater transparency of ERM practices
• introduction of a classification system that should make the outcomes of the rating agency analysis easier to communicate
• same criteria applied to all insurance companies, but also tailored to each one (although details on how this is done are limited)
• the paper argues that a high rating may help organisations attract and retain increasingly sophisticated customers.

Question 19

8 Weaknesses of the S&P criteria

Answer 19

• Only to the view of Standard & Poor’s, not credit rating agencies generally.
• It is limited to insurance and reinsurance companies.
• The document is part of the company’s marketing literature, and the tone could be argued to be overly optimistic.
• Limited description is given on the actual procedures, or details of how the investigations will be carried out and how certain aspects will be measured.
• There is no explicit mention of agency risk.
• There is reference to “complicated and powerful simulation models”; this is highly subjective and can cause problems in itself.
• Risk management was already considered by S&P when rating companies; it is unclear whether this additional formalised approach had a significant impact on their views of insurance and reinsurance companies.
• Reliance should not be placed solely on the opinion of rating agencies; they may miss risks that a company takes, and that the company itself may also have missed.
  It may well also be the case that the company has a better understanding of its risks than the rating agency.