Past Exam Questions: April 2016 Flashcards

1
Q

State reasons why an organisation might build a model as part of its overall ERM decision-making

A
  • Overall to aid understanding and communication of risks
  • Pricing of products or services
  • Assessment of the economic value of the company
  • Estimation of the possible volatility of future profits and earnings
  • Determination of capital adequacy requirements: regulatory requirements and internal economic capital assessments
  • Projection of the future capital or solvency position
  • Assessment of the effect of risk management and mitigation techniques on profits and on capital requirements.
  • Assessment of the effect of other strategic decisions, e.g. changes in investments or new business strategy.
  • Evaluation of projects.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Assess the suitability
for a new, small, niche, specialist general insurance company

of developing an internal capital model as opposed to using the standard formula

A

Internal model could be more suitable:

  • The insurer has very specific and niche risks, which may not be appropriately captured by the standard formula.
  • Higher claim volatility as it is a small company.
  • Expect high frequency, low cost claims.
  • An internal model specifically designed to measure the insurer’s risks could lead to a lower capital requirement and thus allow it to use capital more efficiently.
  • It should lead to better understanding and management of the company’s risks.

However:

  • The company is small and may not have historical data to calibrate an internal model.
  • The company may not have the in-house expertise to develop an internal model.
  • Developing and documenting the internal model will incur costs.
  • Including use of expensive external consultancy expertise / resources.
  • And maintaining it on an ongoing basis could be more costly than using the standard formula.
  • The insurer may find the regulatory approval process onerous, and in particular demonstrating compliance with the six tests, including the “use test”.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Suggest information that a company should request on an off-the-shelf software package before selecting a model

A
  • Cost of software
  • Cost of corporate / single use licences
  • Detailed contract terms
  • Cost / amount of hardware required to optimise the system
  • Whether development can be carried in-house or must be carried out by the vendor
  • If it must be carried out by the vendor, the lead time
  • Documentation on the testing carried out by the vendor
  • Ongoing support - help lines, bug fixes
  • Training provided
  • Documentation available to support the model
  • Whether multiple access is possible
  • Information on the installation process (costs, time and requirements)
  • Whether web-based or requiring special machines
  • Ease of use
  • Whether a trial period is offered
  • Where is used information stored and how is protected and backed up
  • Approach taken to model updates
  • Warranty offered
  • Cooling-off period and contract break clauses
  • Ability to run sensitivities
  • Ability to perform stress and scenario testing
  • How easily it supports P&l attribution outputs
  • List of other users
  • Testimonials from other users
  • Financial information on the vendor (to judge their security and thus ability to continue to support the model)
  • Credit rating of the vendor, if applicable
  • Details of any other options / models
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Propose ERM-related actions that a small company could take which would be practical, cost-effective and useful

A
  • Hold workshops to identify risks…
    … to define them
    … to estimate their maximum possible upside and downside
    … to roughly estimate the range / probabilities.
  • Design and produce a risk register.
  • Produce a simple risk appetite statement.
  • Produce a simple risk tolerance statement.
  • Establish a risk management committee.
  • Hold risk management committee meetings quarterly.
  • Produce regular simple broad risk reports, including e.g. risk lists with limits and traffic lights.
  • Appoint someone as a risk manager who can coordinate with the accountant and other managers.
  • Update the risk register, risk appetite and risk tolerance statement and the risk committee report format and content regularly.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

4 Distinct tools that the board can use to help it identify the risks to which a business is exposed

A
  • SWOT analysis
  • Risk check list / prompt list / taxonomy / risk trigger questions
  • Case studies
  • Risk-focussed process analysis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe the risk identification tool:

SWOT analysis

A
  • Identification of strengths, weaknesses, opportunities and threats
  • Weaknesses and threats generate downside risks
  • Opportunities and strengths generate upside potential and ideas for future strategies.
  • Covers both internal and external risk management contexts.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Describe the risk identification tool:

Risk check list / prompt list / taxonomy / risk trigger questions

A
  • List of risks or risk categories
  • Which are used as a reference for prompting identification of the range of risks for this particular organisation.
  • Lists can be developed from both own company experience and externally documented knowledge.
  • May use PEST or PESTELI (political, economic, social, technological, environmental, legal, industry) prompts
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Describe the risk identification tool:

Case studies

A
  • Can suggest specific risks where there are clear parallels between the organisation and the case study.
  • And suggest areas where similar risks might occur in future.
  • Show the contexts in which risks are allowed to develop.
  • And the links between various different risks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe the risk identification tool:

Risk-focussed process analysis

A
  • Construction of flowcharts for every process used by the organisation.
  • Analysis of the points at which risks can occur.
  • Detailed process descriptions should include who and what is involved at each point.
  • Requires input from all key areas of the organisation to establish how it does what it does.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Explain whether just holding additional capital is a suitable risk mitigation tool for operational risks

A

Although holding extra capital can mitigate against the financial impact of operational risk events crystallising; people, processes and systems risks are often better mitigated by additional controls rather than just holding capital.

Such mitigations normally have wider benefits to the company other than just being able to hold less capital.
E.g. lower profit volatility.

Operational risks arising from external events tend to be low frequency and high severity…
… therefore it is difficult to model and set an appropriate level of capital to be held.

If there is no other mitigation in place, either a very high amount of capital would need to be held for such events and this might not be possible, or the amount held would be insufficient under very extreme events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Outline operational risks that a gym chain might identify

A
  • Inexperienced / unpopular fitness instructors in the gym reducing memberships
  • Loss of good staff / instructors
  • Injury / sickness of key staff
  • Reputational risk reducing gym memberships
  • Staff commit fraud
  • Staff deal in illegal substances
  • Theft of gym equipment
  • Breakage of gym equipment
  • Gym equipment doesn’t function correctly and injures a member who then sues the gym.
  • Member sustains an injury as a result of a fitness class or treatment session.
  • Membership data systems fail.
  • Leak of personal data.
  • Monthly direct debits are not set up correctly and premiums are not taken.
  • Membership cards fail and members cannot access the gym.
  • Natural disasters (earthquakes, hurricanes, floods)
  • Criminal acts (e.g. arson)
  • Serious power failure resulting in the gyms not being able to operate
  • Risk of onerous change to regulations governing gym service provision.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Propose mitigation techniques for the operational risks facing a small gym chain

A
  • Trial periods and references for new instructors
  • Mandatory continued training for instructors
  • Appropriate remuneration e.g. bonuses based on member feedback
  • Provide private medical insurance for key instructors to help them recover more quickly from injury / sickness
  • Do-check-review processes to prevent fraud
  • Make very clear position on illegal substances and deal immediately with suspicions
  • Burglar alarms to prevent theft
  • Security cameras to prevent theft / arson
  • Investment in quality equipment
  • Clear notices posted relating to liability to members
  • Using legal advisors
  • Induction of every new member on the use of gym equipment and health and safety
  • Perform refreshers for members on the use of gym equipment and health and safety
  • Backups for IT systems
  • Service level agreements for IT systems / support
  • Buildings and contents insurance against natural disasters
  • Business continuity plans, e.g. alternative premises
  • Sprinkler system to reduce fire risk
  • Back-up power supply
  • Keeping pace with regulatory changes / lobbying
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Explain the best modelling technique which would be most appropriate for assessing the capital amount required to hold against flood risk

A

Since the likelihood of a flood event happening is “very low”…
… and significant volume of past data is unlikely to exist
… the best technique would be Extreme Value Theory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Outline the information needed to assess capital requirements held against a flood using extreme value theory

A
  • Flood data from the last 50 years (say)
    … from areas in which the business is based.
  • Data that allows modelling both frequency and severity
    … so the data needs to include both number of flood events and indication of the severity of each.
  • Information on building repair costs.
  • Expert judgement is likely to need to be applied to adjust the flood data
    … to allow for future weather trends not observable in past data
    … and to allow for changes to flood defences in the areas.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

List different ways in which a company can seek to reduce its financial market risk exposure without transferring risk

A
  • Avoidance: investing a lower proportion in “high risk” assets
    (e. g. avoiding low credit-rating corporate bonds)
  • Diversification: by taking on uncorrelated risks
    (e. g. portfolios can be diversified across asset types, or across sectors, or individual stocks / counterparties, or geographically)
  • Greater matching of assets and liabilities
  • Strong internal controls and governance in relation to its investment strategy; particularly relating to the use of derivatives, if held.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Explain how the extent to which assets and liabilities are matched can generate risk for an organisation

A
  • If assets and liabilities are not perfectly matched, then financial market movements can result in the assets falling by more than the liabilities, or the liabilities increasing by more than the assets.
  • Thus the company has a greater risk of becoming insolvent.
  • Or it may become financially weak, which could generate reputational risk.
  • If assets and liabilities are mismatched by nature, this could introduce inflation risk.
  • Equally, if liabilities are fixed and assets are largely equities, the company is at risk from lower than expected equity returns.
  • Basis risk arises from mismatching to the extent that a hedging instrument is not perfectly matched to what is being hedged.
  • If asset and liability cashflows are mismatched by term, this could introduce interest rate risk.
  • If assets and liabilities are similar in nature, but the duration of the former is greater than the other, the company is at risk of interest rates rise.
  • Mismatching cashflows by term also generates liquidity risk since assets will have to be sold in order to generate cash to settle outflows, if liability cashflows are of shorter term.
  • And it generates greater reinvestment risk if asset cashflows are of a shorter term than liabilities
    i. e. a risk that the rate at which the asset proceeds can be reinvested is lower than anticipated.
  • If assets and liabilities are mismatched by currency, this introduces the risk of changes to foreign exchange rates which reduce the value of assets relative to the value of liabilities.
  • In every case, the greater the mismatching between asset and liability cashflows, the greater the risk.
  • It is rarely the case that matching can be precise, so there will normally be some related risks remaining.
  • The process of determining an appropriate matching portfolio is subject to operational risks (human error etc.)
  • Management could intentionally mismatch in the hope of upside risk or increased profits.