S&P: Evaluating the ERM Practices of Insurance Companies

Question 1

S&P notes that ERM: (3)

Answer 1

• Allows a more prospective view of an insurer’s risk profile and capital needs
• Is a highly tailored analytic process that recognises each insurer’s unique:
• – structure
• – products
• – mix of business
• – potential earnings streams
• – cash flows
• – investment strategy
• Is a process that recognises the benefits and risks of a diversified base of:
  — products
  — investments, and
  — geographic spread of risk,
  that can quantify the benefits of uncorrelated or partially correlated risks.

Question 2

A company that practices risk management will:

Answer 2

• be working constantly to IDENTIFY risks
• regularly MONITOR the important risks
• have STANDARDS AND LIMITS in place for the amount and form of the risks that it is prepared to retain or tolerate
• have processes to MEASURE AND MANAGE its risks so as to stay within the limits formally agreed by senior management.

Question 3

The impact of effective risk management

Answer 3

Any losses that occur from retained risks are within the tolerances of the organisation.

Question 4

S&P definition:

Excellent ERM

Answer 4

Insurer has extremely strong capabilities to consistently
— identify,
— measure, and
— manage
risk exposures and losses within the company’s predetermined tolerance guidelines.

There is consistent evidence of the enterprise’s practice of optimising risk-adjusted returns.

Risk and risk management are always important considerations in the insurer’s corporate decision-making.

Question 5

2 Important factors in determining the importance of ERM

Answer 5

• the ability to absorb risks (as demonstrated by the capital and access to capital)
• the complexity of the risks of the insurer

Question 6

Complex risk

Answer 6

A risk that could change significantly in a short period of time with little obvious evidence of the change.

Question 7

For the purpose of evaluating risk management, S&P will look at a company’s processes in 5 areas:

Answer 7

• risk-management culture
• risk control
• extreme-event management
• risk and capital models
• strategic risk management

Question 8

S&P definition:

Risk-management culture

Answer 8

The degree to which risk and risk management are important considerations in all aspects of corporate decision making.

Question 9

4 Aspects of risk-management culture

Answer 9

• philosophy toward risk and its risk appetite
• governance and organisational structure of the risk-management function
• risk and risk-management external disclosures and internal communications
• degree to which there is broad understanding and participation in risk management across the company

Question 10

Favourable indicators of risk-management culture

Answer 10

• Company’s governance structure supports effective risk management through board access, authority, and management reporting relationships for risk managers.
• Company has a clearly articulated risk tolerance that is consistent with the goals and resources of the firm and the expectations of the board and other stakeholders.
• Corporate risk management responsibility rests with an influential, high-level officer.
• Board regularly receives, discusses, and understands reports on risk positions and the company’s risk-management programs.
• Risk-management staff is highly and appropriately qualified.
• Risk-management objectives are highly coordinated with business-line goals.
• Company incentive compensation supports the achievement of risk-management objectives.
• Risk-management policies and procedures are clearly stated and widely known.
• Information on risk management is widely communicated internally and externally to company management and stakeholders.
• Management views its risk-management capabilities as providing a competitive edge.
• Insurer actively learns from mistakes and loss situations. Policy and procedural changes are made to improve future risk management.
• Company makes limited changes to expectations when situations dictate.
• Management understands the basis for risk measures and risk-management programs and understands the strengths and limitations of those values and processes.
• Individual senior company managers have public responsibility for the management of specific major risks of the company.
• Risk measurement and monitoring is independent from risk taking and management.
• Remote offices and diverse business units all have approaches to risk taking and risk management consistent with the corporate views.

Question 11

6 Indicators of risk controls

Answer 11

• risk identification
• risk monitoring
• standards and limits
• risk management
• risk limit enforcement
• risk learning

Question 12

Favourable risk control indicators:

Risk identification

Answer 12

Company management has performed a process of identifying risk exposures and the most significant of those exposures.

Question 13

Favourable risk control indicators:

Risk monitoring

Answer 13

Company monitors all significant risks on a regular basis, with timely and accurate measures of risk.

Question 14

Favourable risk control indicators:

Standards and limits

Answer 14

Company has clearly documented limits and standards for risk taking and risk management that are widely understood within the company.

Question 15

Favourable risk control indicators:

Risk management

Answer 15

Company has clear programs in place that are regularly used to manage the risks that the company takes.

Question 16

Favourable risk control indicators:

Risk limit enforcement

Answer 16

Company has a process in place to see that risk limits and risk-management programs are followed as planned.

Exceeding limits has clear, predetermined, and effective consequences.

Question 17

Favourable risk control indicators:

Risk learning

Answer 17

Company has a loss post-mortem process to determine if its processes need improvement.

Question 18

Control practices of high concern to S&P

Answer 18

• Reserve risks
• Catastrophe risk
• Reinsurance-recoverable risk
• Equity risk arising from embedded guarantees in insurance products
• Interest rate risks
• Insurance concentration and event risks
• Underwriting cycle management
• Corporate governance
• IT data security risk

Question 19

A good extreme event risk-management programme includes…

Answer 19

a process of envisioning the impact of likely disasters through stress testing and scenario analysis.

This would evaluate the potential impact on the company’s reputation, liquidity and overall financial strength of specific catastrophic events, offset by the implementation of contingency plans.

Thorough post-mortem analyses of problem situations, with the results fed back into ongoing disaster-planning processes.

Question 20

Risk models:

S&P will evaluate

Answer 20

• the quality of the risk models and indicative measures used
• the assumptions that underlie those models
• the treatment of risk-mitigation activities in those models
• the infrastructure to feed data to the models
• the procedures followed to run the models
• the validation process of the models.

Question 21

S&P definition:

Economic capital

Answer 21

The amount of capital that is needed by an enterprise to provide support for retained risks of a company in a severe loss situations.

Question 22

If companies use standard formulas without modification, S&P will view this as weak practice for 2 reasons:

Answer 22

• if the standardised formula significantly understates risk, a company using that value without modification will be subject to abrupt changes in its capital charges when the owner of the formula realises the inadequacy of the formula.
• companies that use standardised formulas without modifications will be likely to make poor decisions with regard to strategic choices affected by capital usage estimates and will not properly reflect the cost of risk capital in product pricing.

Question 23

Primary drawback to economic capital

Answer 23

It encourages over-reliance on a single model and a single-number measure of risk.

Question 24

Components of excellent strategic risk management

Answer 24

• Company retained risk profile
• Strategic asset allocation
• Product risk/reward
• Optimising risk-adjusted results
• Determining adjustments to company dividend payments
• Rewarding performance

Question 25

Components of excellent strategic risk management:

Company retained risk profile

Answer 25

The economic capital for each product, business and risk type shows the retained risk profile of the company.

After seeing this profile, management might want to make plans to change the company’s concentrations of risks to improve diversification or to increase concentration of risk to take advantage of company expertise in managing a particular risk.

Question 26

Components of excellent strategic risk management:

Strategic asset allocation

Answer 26

Allocation of investment assets among major broad classes of investments can be influenced by the economic capital and the desired risk profile so that risk-adjusted return and diversification are modified in the direction that best suits company objectives.

Macro investment portfolio positions and clear discussion of the reasons for those positions relative to the exposure generated by insurance obligations are indicative of strong strategic risk management.

Question 27

Components of excellent strategic risk management:

Product risk/reward

Answer 27

The analysis that supports risk-adjusted pricing will provide management with full information regarding the risk/reward tradeoff that is involved in each product.

Choices can then be made to adjust that balance in some products or increase or decrease emphasis in the sales of other products.

Clear standards and practices of insurance product risk/reward tradeoffs are indicative of strong strategic risk management. In addition, management in a company with strong strategic risk management will be able to discuss the risk/reward tradeoffs that are fundamental to the most important company products.

Question 28

Components of excellent strategic risk management:

Optimising risk-adjusted results

Answer 28

The capital-budgeting process provides the information to allow management to choose the strategic alternatives that can provide the best return for the scarce capital resources of the company.

The use of economic capital modelling as a principal driver of the capital budgeting element in strategic planning is indicative of strong strategic risk management.

Question 29

Components of excellent strategic risk management:

Determining adjustments to company dividend payments

Answer 29

The risk-adjusted return and the capital-budgeting process will provide information on the risk-adjusted return that the company might produce for marginal changes in available capital.

The division between retained earnings and dividends would be set based on a minimally acceptable level of marginal return on risk-adjusted capital.

Companies with strong strategic risk management processes will pay attention to the dividend payment decision in their capital budgeting process and be able to discuss how that decision was made.

Question 30

Components of excellent strategic risk management:

Rewarding performance.

Answer 30

A risk-adjusted financial measurement system allows a company to monitor its success in achieving expected risk-adjusted returns.

Risk-adjusted financial measures also provide the company the information that can be used to reward the managers who are adding value and avoid rewarding managers who are primarily adding risk.

Performance recognition and incentive compensation linked to risk-adjusted financial results are indicative of strong strategic risk management.