S&P: Evaluating the ERM Practices of Insurance Companies Flashcards
S&P notes that ERM: (3)
- Allows a more prospective view of an insurer’s risk profile and capital needs
- Is a highly tailored analytic process that recognises each insurer’s unique:
- – structure
- – products
- – mix of business
- – potential earnings streams
- – cash flows
- – investment strategy
- Is a process that recognises the benefits and risks of a diversified base of:
— products
— investments, and
— geographic spread of risk,
that can quantify the benefits of uncorrelated or partially correlated risks.
A company that practices risk management will:
- be working constantly to IDENTIFY risks
- regularly MONITOR the important risks
- have STANDARDS AND LIMITS in place for the amount and form of the risks that it is prepared to retain or tolerate
- have processes to MEASURE AND MANAGE its risks so as to stay within the limits formally agreed by senior management.
The impact of effective risk management
Any losses that occur from retained risks are within the tolerances of the organisation.
S&P definition:
Excellent ERM
Insurer has extremely strong capabilities to consistently
— identify,
— measure, and
— manage
risk exposures and losses within the company’s predetermined tolerance guidelines.
There is consistent evidence of the enterprise’s practice of optimising risk-adjusted returns.
Risk and risk management are always important considerations in the insurer’s corporate decision-making.
2 Important factors in determining the importance of ERM
- the ability to absorb risks (as demonstrated by the capital and access to capital)
- the complexity of the risks of the insurer
Complex risk
A risk that could change significantly in a short period of time with little obvious evidence of the change.
For the purpose of evaluating risk management, S&P will look at a company’s processes in 5 areas:
- risk-management culture
- risk control
- extreme-event management
- risk and capital models
- strategic risk management
S&P definition:
Risk-management culture
The degree to which risk and risk management are important considerations in all aspects of corporate decision making.
4 Aspects of risk-management culture
- philosophy toward risk and its risk appetite
- governance and organisational structure of the risk-management function
- risk and risk-management external disclosures and internal communications
- degree to which there is broad understanding and participation in risk management across the company
Favourable indicators of risk-management culture
- Company’s governance structure supports effective risk management through board access, authority, and management reporting relationships for risk managers.
- Company has a clearly articulated risk tolerance that is consistent with the goals and resources of the firm and the expectations of the board and other stakeholders.
- Corporate risk management responsibility rests with an influential, high-level officer.
- Board regularly receives, discusses, and understands reports on risk positions and the company’s risk-management programs.
- Risk-management staff is highly and appropriately qualified.
- Risk-management objectives are highly coordinated with business-line goals.
- Company incentive compensation supports the achievement of risk-management objectives.
- Risk-management policies and procedures are clearly stated and widely known.
- Information on risk management is widely communicated internally and externally to company management and stakeholders.
- Management views its risk-management capabilities as providing a competitive edge.
- Insurer actively learns from mistakes and loss situations. Policy and procedural changes are made to improve future risk management.
- Company makes limited changes to expectations when situations dictate.
- Management understands the basis for risk measures and risk-management programs and understands the strengths and limitations of those values and processes.
- Individual senior company managers have public responsibility for the management of specific major risks of the company.
- Risk measurement and monitoring is independent from risk taking and management.
- Remote offices and diverse business units all have approaches to risk taking and risk management consistent with the corporate views.
6 Indicators of risk controls
- risk identification
- risk monitoring
- standards and limits
- risk management
- risk limit enforcement
- risk learning
Favourable risk control indicators:
Risk identification
Company management has performed a process of identifying risk exposures and the most significant of those exposures.
Favourable risk control indicators:
Risk monitoring
Company monitors all significant risks on a regular basis, with timely and accurate measures of risk.
Favourable risk control indicators:
Standards and limits
Company has clearly documented limits and standards for risk taking and risk management that are widely understood within the company.
Favourable risk control indicators:
Risk management
Company has clear programs in place that are regularly used to manage the risks that the company takes.
Favourable risk control indicators:
Risk limit enforcement
Company has a process in place to see that risk limits and risk-management programs are followed as planned.
Exceeding limits has clear, predetermined, and effective consequences.
Favourable risk control indicators:
Risk learning
Company has a loss post-mortem process to determine if its processes need improvement.
Control practices of high concern to S&P
- Reserve risks
- Catastrophe risk
- Reinsurance-recoverable risk
- Equity risk arising from embedded guarantees in insurance products
- Interest rate risks
- Insurance concentration and event risks
- Underwriting cycle management
- Corporate governance
- IT data security risk
A good extreme event risk-management programme includes…
a process of envisioning the impact of likely disasters through stress testing and scenario analysis.
This would evaluate the potential impact on the company’s reputation, liquidity and overall financial strength of specific catastrophic events, offset by the implementation of contingency plans.
Thorough post-mortem analyses of problem situations, with the results fed back into ongoing disaster-planning processes.
Risk models:
S&P will evaluate
- the quality of the risk models and indicative measures used
- the assumptions that underlie those models
- the treatment of risk-mitigation activities in those models
- the infrastructure to feed data to the models
- the procedures followed to run the models
- the validation process of the models.
S&P definition:
Economic capital
The amount of capital that is needed by an enterprise to provide support for retained risks of a company in a severe loss situations.
If companies use standard formulas without modification, S&P will view this as weak practice for 2 reasons:
- if the standardised formula significantly understates risk, a company using that value without modification will be subject to abrupt changes in its capital charges when the owner of the formula realises the inadequacy of the formula.
- companies that use standardised formulas without modifications will be likely to make poor decisions with regard to strategic choices affected by capital usage estimates and will not properly reflect the cost of risk capital in product pricing.
Primary drawback to economic capital
It encourages over-reliance on a single model and a single-number measure of risk.
Components of excellent strategic risk management
- Company retained risk profile
- Strategic asset allocation
- Product risk/reward
- Optimising risk-adjusted results
- Determining adjustments to company dividend payments
- Rewarding performance