Past Exam Questions: April 2016 Flashcards
State reasons why an organisation might build a model as part of its overall ERM decision-making
- Overall to aid understanding and communication of risks
- Pricing of products or services
- Assessment of the economic value of the company
- Estimation of the possible volatility of future profits and earnings
- Determination of capital adequacy requirements: regulatory requirements and internal economic capital assessments
- Projection of the future capital or solvency position
- Assessment of the effect of risk management and mitigation techniques on profits and on capital requirements.
- Assessment of the effect of other strategic decisions, e.g. changes in investments or new business strategy.
- Evaluation of projects.
Assess the suitability
for a new, small, niche, specialist general insurance company
of developing an internal capital model as opposed to using the standard formula
Internal model could be more suitable:
- The insurer has very specific and niche risks, which may not be appropriately captured by the standard formula.
- Higher claim volatility as it is a small company.
- Expect high frequency, low cost claims.
- An internal model specifically designed to measure the insurer’s risks could lead to a lower capital requirement and thus allow it to use capital more efficiently.
- It should lead to better understanding and management of the company’s risks.
However:
- The company is small and may not have historical data to calibrate an internal model.
- The company may not have the in-house expertise to develop an internal model.
- Developing and documenting the internal model will incur costs.
- Including use of expensive external consultancy expertise / resources.
- And maintaining it on an ongoing basis could be more costly than using the standard formula.
- The insurer may find the regulatory approval process onerous, and in particular demonstrating compliance with the six tests, including the “use test”.
Suggest information that a company should request on an off-the-shelf software package before selecting a model
- Cost of software
- Cost of corporate / single use licences
- Detailed contract terms
- Cost / amount of hardware required to optimise the system
- Whether development can be carried in-house or must be carried out by the vendor
- If it must be carried out by the vendor, the lead time
- Documentation on the testing carried out by the vendor
- Ongoing support - help lines, bug fixes
- Training provided
- Documentation available to support the model
- Whether multiple access is possible
- Information on the installation process (costs, time and requirements)
- Whether web-based or requiring special machines
- Ease of use
- Whether a trial period is offered
- Where is used information stored and how is protected and backed up
- Approach taken to model updates
- Warranty offered
- Cooling-off period and contract break clauses
- Ability to run sensitivities
- Ability to perform stress and scenario testing
- How easily it supports P&l attribution outputs
- List of other users
- Testimonials from other users
- Financial information on the vendor (to judge their security and thus ability to continue to support the model)
- Credit rating of the vendor, if applicable
- Details of any other options / models
Propose ERM-related actions that a small company could take which would be practical, cost-effective and useful
- Hold workshops to identify risks…
… to define them
… to estimate their maximum possible upside and downside
… to roughly estimate the range / probabilities. - Design and produce a risk register.
- Produce a simple risk appetite statement.
- Produce a simple risk tolerance statement.
- Establish a risk management committee.
- Hold risk management committee meetings quarterly.
- Produce regular simple broad risk reports, including e.g. risk lists with limits and traffic lights.
- Appoint someone as a risk manager who can coordinate with the accountant and other managers.
- Update the risk register, risk appetite and risk tolerance statement and the risk committee report format and content regularly.
4 Distinct tools that the board can use to help it identify the risks to which a business is exposed
- SWOT analysis
- Risk check list / prompt list / taxonomy / risk trigger questions
- Case studies
- Risk-focussed process analysis
Describe the risk identification tool:
SWOT analysis
- Identification of strengths, weaknesses, opportunities and threats
- Weaknesses and threats generate downside risks
- Opportunities and strengths generate upside potential and ideas for future strategies.
- Covers both internal and external risk management contexts.
Describe the risk identification tool:
Risk check list / prompt list / taxonomy / risk trigger questions
- List of risks or risk categories
- Which are used as a reference for prompting identification of the range of risks for this particular organisation.
- Lists can be developed from both own company experience and externally documented knowledge.
- May use PEST or PESTELI (political, economic, social, technological, environmental, legal, industry) prompts
Describe the risk identification tool:
Case studies
- Can suggest specific risks where there are clear parallels between the organisation and the case study.
- And suggest areas where similar risks might occur in future.
- Show the contexts in which risks are allowed to develop.
- And the links between various different risks.
Describe the risk identification tool:
Risk-focussed process analysis
- Construction of flowcharts for every process used by the organisation.
- Analysis of the points at which risks can occur.
- Detailed process descriptions should include who and what is involved at each point.
- Requires input from all key areas of the organisation to establish how it does what it does.
Explain whether just holding additional capital is a suitable risk mitigation tool for operational risks
Although holding extra capital can mitigate against the financial impact of operational risk events crystallising; people, processes and systems risks are often better mitigated by additional controls rather than just holding capital.
Such mitigations normally have wider benefits to the company other than just being able to hold less capital.
E.g. lower profit volatility.
Operational risks arising from external events tend to be low frequency and high severity…
… therefore it is difficult to model and set an appropriate level of capital to be held.
If there is no other mitigation in place, either a very high amount of capital would need to be held for such events and this might not be possible, or the amount held would be insufficient under very extreme events.
Outline operational risks that a gym chain might identify
- Inexperienced / unpopular fitness instructors in the gym reducing memberships
- Loss of good staff / instructors
- Injury / sickness of key staff
- Reputational risk reducing gym memberships
- Staff commit fraud
- Staff deal in illegal substances
- Theft of gym equipment
- Breakage of gym equipment
- Gym equipment doesn’t function correctly and injures a member who then sues the gym.
- Member sustains an injury as a result of a fitness class or treatment session.
- Membership data systems fail.
- Leak of personal data.
- Monthly direct debits are not set up correctly and premiums are not taken.
- Membership cards fail and members cannot access the gym.
- Natural disasters (earthquakes, hurricanes, floods)
- Criminal acts (e.g. arson)
- Serious power failure resulting in the gyms not being able to operate
- Risk of onerous change to regulations governing gym service provision.
Propose mitigation techniques for the operational risks facing a small gym chain
- Trial periods and references for new instructors
- Mandatory continued training for instructors
- Appropriate remuneration e.g. bonuses based on member feedback
- Provide private medical insurance for key instructors to help them recover more quickly from injury / sickness
- Do-check-review processes to prevent fraud
- Make very clear position on illegal substances and deal immediately with suspicions
- Burglar alarms to prevent theft
- Security cameras to prevent theft / arson
- Investment in quality equipment
- Clear notices posted relating to liability to members
- Using legal advisors
- Induction of every new member on the use of gym equipment and health and safety
- Perform refreshers for members on the use of gym equipment and health and safety
- Backups for IT systems
- Service level agreements for IT systems / support
- Buildings and contents insurance against natural disasters
- Business continuity plans, e.g. alternative premises
- Sprinkler system to reduce fire risk
- Back-up power supply
- Keeping pace with regulatory changes / lobbying
Explain the best modelling technique which would be most appropriate for assessing the capital amount required to hold against flood risk
Since the likelihood of a flood event happening is “very low”…
… and significant volume of past data is unlikely to exist
… the best technique would be Extreme Value Theory.
Outline the information needed to assess capital requirements held against a flood using extreme value theory
- Flood data from the last 50 years (say)
… from areas in which the business is based. - Data that allows modelling both frequency and severity
… so the data needs to include both number of flood events and indication of the severity of each. - Information on building repair costs.
- Expert judgement is likely to need to be applied to adjust the flood data
… to allow for future weather trends not observable in past data
… and to allow for changes to flood defences in the areas.
List different ways in which a company can seek to reduce its financial market risk exposure without transferring risk
- Avoidance: investing a lower proportion in “high risk” assets
(e. g. avoiding low credit-rating corporate bonds) - Diversification: by taking on uncorrelated risks
(e. g. portfolios can be diversified across asset types, or across sectors, or individual stocks / counterparties, or geographically) - Greater matching of assets and liabilities
- Strong internal controls and governance in relation to its investment strategy; particularly relating to the use of derivatives, if held.
