S&P: Evaluating the ERM Practices of Insurance Companies Flashcards
S&P notes that ERM: (3)
- Allows a more prospective view of an insurer’s risk profile and capital needs
- Is a highly tailored analytic process that recognises each insurer’s unique:
- – structure
- – products
- – mix of business
- – potential earnings streams
- – cash flows
- – investment strategy
- Is a process that recognises the benefits and risks of a diversified base of:
— products
— investments, and
— geographic spread of risk,
that can quantify the benefits of uncorrelated or partially correlated risks.
A company that practices risk management will:
- be working constantly to IDENTIFY risks
- regularly MONITOR the important risks
- have STANDARDS AND LIMITS in place for the amount and form of the risks that it is prepared to retain or tolerate
- have processes to MEASURE AND MANAGE its risks so as to stay within the limits formally agreed by senior management.
The impact of effective risk management
Any losses that occur from retained risks are within the tolerances of the organisation.
S&P definition:
Excellent ERM
Insurer has extremely strong capabilities to consistently
— identify,
— measure, and
— manage
risk exposures and losses within the company’s predetermined tolerance guidelines.
There is consistent evidence of the enterprise’s practice of optimising risk-adjusted returns.
Risk and risk management are always important considerations in the insurer’s corporate decision-making.
2 Important factors in determining the importance of ERM
- the ability to absorb risks (as demonstrated by the capital and access to capital)
- the complexity of the risks of the insurer
Complex risk
A risk that could change significantly in a short period of time with little obvious evidence of the change.
For the purpose of evaluating risk management, S&P will look at a company’s processes in 5 areas:
- risk-management culture
- risk control
- extreme-event management
- risk and capital models
- strategic risk management
S&P definition:
Risk-management culture
The degree to which risk and risk management are important considerations in all aspects of corporate decision making.
4 Aspects of risk-management culture
- philosophy toward risk and its risk appetite
- governance and organisational structure of the risk-management function
- risk and risk-management external disclosures and internal communications
- degree to which there is broad understanding and participation in risk management across the company
Favourable indicators of risk-management culture
- Company’s governance structure supports effective risk management through board access, authority, and management reporting relationships for risk managers.
- Company has a clearly articulated risk tolerance that is consistent with the goals and resources of the firm and the expectations of the board and other stakeholders.
- Corporate risk management responsibility rests with an influential, high-level officer.
- Board regularly receives, discusses, and understands reports on risk positions and the company’s risk-management programs.
- Risk-management staff is highly and appropriately qualified.
- Risk-management objectives are highly coordinated with business-line goals.
- Company incentive compensation supports the achievement of risk-management objectives.
- Risk-management policies and procedures are clearly stated and widely known.
- Information on risk management is widely communicated internally and externally to company management and stakeholders.
- Management views its risk-management capabilities as providing a competitive edge.
- Insurer actively learns from mistakes and loss situations. Policy and procedural changes are made to improve future risk management.
- Company makes limited changes to expectations when situations dictate.
- Management understands the basis for risk measures and risk-management programs and understands the strengths and limitations of those values and processes.
- Individual senior company managers have public responsibility for the management of specific major risks of the company.
- Risk measurement and monitoring is independent from risk taking and management.
- Remote offices and diverse business units all have approaches to risk taking and risk management consistent with the corporate views.
6 Indicators of risk controls
- risk identification
- risk monitoring
- standards and limits
- risk management
- risk limit enforcement
- risk learning
Favourable risk control indicators:
Risk identification
Company management has performed a process of identifying risk exposures and the most significant of those exposures.
Favourable risk control indicators:
Risk monitoring
Company monitors all significant risks on a regular basis, with timely and accurate measures of risk.
Favourable risk control indicators:
Standards and limits
Company has clearly documented limits and standards for risk taking and risk management that are widely understood within the company.
Favourable risk control indicators:
Risk management
Company has clear programs in place that are regularly used to manage the risks that the company takes.