S&P: Evaluating the ERM Practices of Insurance Companies Flashcards
S&P notes that ERM: (3)
- Allows a more prospective view of an insurer’s risk profile and capital needs
- Is a highly tailored analytic process that recognises each insurer’s unique:
- – structure
- – products
- – mix of business
- – potential earnings streams
- – cash flows
- – investment strategy
- Is a process that recognises the benefits and risks of a diversified base of:
— products
— investments, and
— geographic spread of risk,
that can quantify the benefits of uncorrelated or partially correlated risks.
A company that practices risk management will:
- be working constantly to IDENTIFY risks
- regularly MONITOR the important risks
- have STANDARDS AND LIMITS in place for the amount and form of the risks that it is prepared to retain or tolerate
- have processes to MEASURE AND MANAGE its risks so as to stay within the limits formally agreed by senior management.
The impact of effective risk management
Any losses that occur from retained risks are within the tolerances of the organisation.
S&P definition:
Excellent ERM
Insurer has extremely strong capabilities to consistently
— identify,
— measure, and
— manage
risk exposures and losses within the company’s predetermined tolerance guidelines.
There is consistent evidence of the enterprise’s practice of optimising risk-adjusted returns.
Risk and risk management are always important considerations in the insurer’s corporate decision-making.
2 Important factors in determining the importance of ERM
- the ability to absorb risks (as demonstrated by the capital and access to capital)
- the complexity of the risks of the insurer
Complex risk
A risk that could change significantly in a short period of time with little obvious evidence of the change.
For the purpose of evaluating risk management, S&P will look at a company’s processes in 5 areas:
- risk-management culture
- risk control
- extreme-event management
- risk and capital models
- strategic risk management
S&P definition:
Risk-management culture
The degree to which risk and risk management are important considerations in all aspects of corporate decision making.
4 Aspects of risk-management culture
- philosophy toward risk and its risk appetite
- governance and organisational structure of the risk-management function
- risk and risk-management external disclosures and internal communications
- degree to which there is broad understanding and participation in risk management across the company
Favourable indicators of risk-management culture
- Company’s governance structure supports effective risk management through board access, authority, and management reporting relationships for risk managers.
- Company has a clearly articulated risk tolerance that is consistent with the goals and resources of the firm and the expectations of the board and other stakeholders.
- Corporate risk management responsibility rests with an influential, high-level officer.
- Board regularly receives, discusses, and understands reports on risk positions and the company’s risk-management programs.
- Risk-management staff is highly and appropriately qualified.
- Risk-management objectives are highly coordinated with business-line goals.
- Company incentive compensation supports the achievement of risk-management objectives.
- Risk-management policies and procedures are clearly stated and widely known.
- Information on risk management is widely communicated internally and externally to company management and stakeholders.
- Management views its risk-management capabilities as providing a competitive edge.
- Insurer actively learns from mistakes and loss situations. Policy and procedural changes are made to improve future risk management.
- Company makes limited changes to expectations when situations dictate.
- Management understands the basis for risk measures and risk-management programs and understands the strengths and limitations of those values and processes.
- Individual senior company managers have public responsibility for the management of specific major risks of the company.
- Risk measurement and monitoring is independent from risk taking and management.
- Remote offices and diverse business units all have approaches to risk taking and risk management consistent with the corporate views.
6 Indicators of risk controls
- risk identification
- risk monitoring
- standards and limits
- risk management
- risk limit enforcement
- risk learning
Favourable risk control indicators:
Risk identification
Company management has performed a process of identifying risk exposures and the most significant of those exposures.
Favourable risk control indicators:
Risk monitoring
Company monitors all significant risks on a regular basis, with timely and accurate measures of risk.
Favourable risk control indicators:
Standards and limits
Company has clearly documented limits and standards for risk taking and risk management that are widely understood within the company.
Favourable risk control indicators:
Risk management
Company has clear programs in place that are regularly used to manage the risks that the company takes.
Favourable risk control indicators:
Risk limit enforcement
Company has a process in place to see that risk limits and risk-management programs are followed as planned.
Exceeding limits has clear, predetermined, and effective consequences.
Favourable risk control indicators:
Risk learning
Company has a loss post-mortem process to determine if its processes need improvement.
Control practices of high concern to S&P
- Reserve risks
- Catastrophe risk
- Reinsurance-recoverable risk
- Equity risk arising from embedded guarantees in insurance products
- Interest rate risks
- Insurance concentration and event risks
- Underwriting cycle management
- Corporate governance
- IT data security risk
A good extreme event risk-management programme includes…
a process of envisioning the impact of likely disasters through stress testing and scenario analysis.
This would evaluate the potential impact on the company’s reputation, liquidity and overall financial strength of specific catastrophic events, offset by the implementation of contingency plans.
Thorough post-mortem analyses of problem situations, with the results fed back into ongoing disaster-planning processes.
Risk models:
S&P will evaluate
- the quality of the risk models and indicative measures used
- the assumptions that underlie those models
- the treatment of risk-mitigation activities in those models
- the infrastructure to feed data to the models
- the procedures followed to run the models
- the validation process of the models.
S&P definition:
Economic capital
The amount of capital that is needed by an enterprise to provide support for retained risks of a company in a severe loss situations.
If companies use standard formulas without modification, S&P will view this as weak practice for 2 reasons:
- if the standardised formula significantly understates risk, a company using that value without modification will be subject to abrupt changes in its capital charges when the owner of the formula realises the inadequacy of the formula.
- companies that use standardised formulas without modifications will be likely to make poor decisions with regard to strategic choices affected by capital usage estimates and will not properly reflect the cost of risk capital in product pricing.
Primary drawback to economic capital
It encourages over-reliance on a single model and a single-number measure of risk.
Components of excellent strategic risk management
- Company retained risk profile
- Strategic asset allocation
- Product risk/reward
- Optimising risk-adjusted results
- Determining adjustments to company dividend payments
- Rewarding performance
Components of excellent strategic risk management:
Company retained risk profile
The economic capital for each product, business and risk type shows the retained risk profile of the company.
After seeing this profile, management might want to make plans to change the company’s concentrations of risks to improve diversification or to increase concentration of risk to take advantage of company expertise in managing a particular risk.
Components of excellent strategic risk management:
Strategic asset allocation
Allocation of investment assets among major broad classes of investments can be influenced by the economic capital and the desired risk profile so that risk-adjusted return and diversification are modified in the direction that best suits company objectives.
Macro investment portfolio positions and clear discussion of the reasons for those positions relative to the exposure generated by insurance obligations are indicative of strong strategic risk management.
Components of excellent strategic risk management:
Product risk/reward
The analysis that supports risk-adjusted pricing will provide management with full information regarding the risk/reward tradeoff that is involved in each product.
Choices can then be made to adjust that balance in some products or increase or decrease emphasis in the sales of other products.
Clear standards and practices of insurance product risk/reward tradeoffs are indicative of strong strategic risk management. In addition, management in a company with strong strategic risk management will be able to discuss the risk/reward tradeoffs that are fundamental to the most important company products.
Components of excellent strategic risk management:
Optimising risk-adjusted results
The capital-budgeting process provides the information to allow management to choose the strategic alternatives that can provide the best return for the scarce capital resources of the company.
The use of economic capital modelling as a principal driver of the capital budgeting element in strategic planning is indicative of strong strategic risk management.
Components of excellent strategic risk management:
Determining adjustments to company dividend payments
The risk-adjusted return and the capital-budgeting process will provide information on the risk-adjusted return that the company might produce for marginal changes in available capital.
The division between retained earnings and dividends would be set based on a minimally acceptable level of marginal return on risk-adjusted capital.
Companies with strong strategic risk management processes will pay attention to the dividend payment decision in their capital budgeting process and be able to discuss how that decision was made.
Components of excellent strategic risk management:
Rewarding performance.
A risk-adjusted financial measurement system allows a company to monitor its success in achieving expected risk-adjusted returns.
Risk-adjusted financial measures also provide the company the information that can be used to reward the managers who are adding value and avoid rewarding managers who are primarily adding risk.
Performance recognition and incentive compensation linked to risk-adjusted financial results are indicative of strong strategic risk management.
