Topic 2 Flashcards
Regulatory Actions levels for Health RBC Ratios
Actions are based on the Health RBC Ratio (defined separate list)
- Company Action Level (ration between 150% and 200%) - requires that a company submit a corrective action plan
- Regulatory Action Level (ratio between 100% and 150%) - allows the commissioner to examine the company and issue an order specifying corrective actions
- Authorized Control Level (ratio between 70% and 100%) - Allows the commissioner to pl ace the company under regulatory control if deemed to be in the best interest of policyholders and creditors
- Mandatory Control Level (Ratio less than 70%) - requires the commissioner to take regulatory control of the company
Due to a trend test, insurers who have an RBC ratio between 200% and 300% and a combined ratio greater than 105% could trigger a company action level event
Skwire, Chapter 39, Page 679
Formula for Health RBC after Covariance
- RBCAC = H(0) + [ H(1)^2 + H(2)^2 + H(3)^2 + H(4)^2 ] ^ (1/2)
a) H(0) is the asset risk for affiliates - the risk that a stock investment in an affiliate may lose value
b) H(1) is the Asset Risk for Other Assets - the risk that investments may default or decrease in value
c) H(2) is the Underwriting Risk - THe risk of having inadequate premiums in the future
d) H(3) is the Credit Risk - the risk of not recovering the amounts owed to the insurer
e) H(4) is the Business Risk - includes several miscellaneous types of risk, such as administrative expense risk and excessive growth risk - Authorized control level capital = RBCAC / 2
- Health RBC Ratio = total adjusted capital / authorized control level capital
Skwire Chapter 39, Page 682
Formulas for the H(2) (Underwriting risk) component of Health RBC
- Underwriting Risk = Claim Experience Fluctuation Risk + Other Underwriting Risk
- Claim Experience Fluctuation Risk is the sum of risk charges f or five product groupings (comprehensive, Med Sup, Dental/Vision, Medicare Part D, and other)
a) For each grouping, the risk charge = premium * ratio of incurred claims to premium * risk factor * managed care risk adj factor
b) The last two components of this formula are pulled from tables o f factors (separate list) - Other Underwriting Risk includes:
a) Coverages not included in claim experience fluctuation risk, such as:
i) Disability income (separate list for calcs)
ii) LTC (separate list for calcs)
iii) Miscellaneous coverage types, such as stop loss, hospital indemnity, and AD&D
b) Adjustments for rate guarantees and premium stabilization reserves
Skwire Chapter 39, Page 683
Calculation of Risk Factors (Part of Claim Fluctuation Risk Charge)
Risk Factors are part of the formula for claim experience fluctuation risk charge
- The factor is based on the type of coverage and the amount of annual underwriting revenue
- For each coverage type, a weighted average of the following factors is calculated based on the amount of revenue in each tier
Coverage Type: Comp Med/Hospital
$00 - 03M - 15%;
$03 - 25M - 15%;
$25M+ - 9%
Medicare Supp
$00 - 03M - 10.5%
$03 - 25M - 6.7%
$25M+ - 6.7%
Dental/Vision
$00 - 03M - 12.0%
$03 - 25M - 7.6%
$25M+ - 7.6%
Medicare Part D
$00 - 03M - 25.1%
$03 - 25M - 25.1%
$25M+ - 15.1%
Other
$00 - 03M - 13.0%
$03 - 25M - 13.0%
$25M+ - 13.0%
Skwire Chapter 39, Page 684
Calculation of manged care risk adjustment factors
Manged care risk adjustment factors are part of the formula for claim experience fluctuation risk charge
- The managed care risk adjustment factors are 1 - Discount Factor shown below
- All claims paid over the previous 12 months are assigned to the following categories, and a weighted average fo the factors in the table below is calculated
- The overall adjustment factor is applied to all product groupings except Medicare Part D and Other
Category/Description & Discount Factor:
0 - Arrangements not included below - 0%
1 - Contractual Fee payments (FS, PerDiem) - 15%
2 - Bonus/Withhold - Varies (.08% to 15%)
3 - Capitation - 60%
4 - Non-contingent expenses - 75%
Skwire Chapter 39, Page 684
Calculation of risk charge for disability income
The Risk Charge is the sum of:
- A factor multiplied by earned premium. The factors vary by coverage:
Non-Cancelable Individual
0-50M: 35%
50M+: 15%
Other Individual
0-50M: 25%
50M+: 7%
Group Long-Term
0-50M: 15%
50M+: 3%
Group Short-Term
0-50M: 5%
50M+: 3%
a) In applying factors, both individual products are combined, and both group products are combined, but the individual and group products are not combined with one another
b) For each of individual and group, the largest factor is applied first
- 5% of Claim reserves
Skwire Chapter 39, Page 685
Calculation of Risk Charge for LTC
The risk charge is the sum of:
- For earned premium, 10% of the first $50M, 3% of the excess, and an additional 10% for non-cancelable premiums
- For incurred claims, one factor (usually 25%) for the first $35 million, and another factor (usually 8%) for the excess
- 5% of the claim reserves
Skwire Chapter 39, Page 686
Procedures and uses of the simplified RBC Estimations
This RBC is referred to as RBCAC in Skwire 39
- For health insurance, if h2 is the dominant risk:
i) At the limit, as the other risks go to zero, the RBC will be equal to h2
2. A result of this is: When H2 is dominant and the other risks are negligible: RBC Ratio(New) ~= RBC Ratio (prior) * ( Prior H2 / New H2) i) While not precise, one can quickly determine the outer limits of any changes to future RBC ratios with the use of simplified assumptions
- Midyear estimates of RBC Changes can be easily made
- Estimation can be used to quantify (or reconcile) various changes
a) Material emerging information
b) Asset mix changes
c) Customer portfolio changes
d) Income gains and losses
e) Unmet assumptions
GHS-128-19, Page 1
Categories of Risk faced by Organizations
- Market Risk - Risk inherent from exposures to capital markets (e.g. fluctuations in value of assets held)
- Economic Risk - E.g. Price and salary inflation
- Interest rate risk - the risk arising from unanticipated changes in the overall level of interest rates or in the shape of the yield curve
- Foreign exchange risk - the risk when cash flows received are in a currency different from the cash flues due
- Credit risk - default risk (e.g. default on loans or a reinsurer failure)
- Liquidity risk - the risk that a firm cannot easily trade its assets or that it cannot raise additional financing when required
- System risk - the risk of failure of a financial system
- Demographic Risk
a) Mortality Risk - Risk that a portfolio will suffer from mortality being greater than expected (negatively affects life insurance)
b) Longevity risk - the risk that a portfolio will suffer from mortality being less than expected (negatively affects pension and annuity business) - Non-life insurance risk - the risk related to the incidence of claims and their intensity
- Environmental risk - the risk that a firm’s activities will have an adverse effect on the environment
- Operational Risk - The risk of loss resulting form inadequate or failed processes, people, and systems, or from external events (separate list)
- Residual risks - risks that remain once action has been taken to treat a risk - for example, if an interest rate swap is used to reduce exposure to changes in interest rates, the residual risk is that the bank will not be able to make its payments on the swap
- Basis risk - e.g., the risk of an imperfect hedge in an interest rate swap
Sweeting Chapter 7, Page 103
Types of Systemic Risks
(F)inancial Infrastructure - e.g., a bank unable to pay back loans from other banks
(L)iquidity Risk - Can become Systemic if a run on bank occurs
Common (m)arket positions - feedback risk is the risk that a change in an investment’s price will result in further changes in the same direction. This could then impact all investors who have common investment positions
Exposure to a (c)ommon counter-party - the risk that a relatively small failure will cascade through several layers of investors.
Market CLiFf (M CLF)
Sweeting Chapter 7, Page 107
Types of demographic (mortality or longevity) and non-life insurance risk
- (L)evel Risk (for life insurance) or (U)nderwriting Risk (for non-life insurance - Risk that the average level of claims of a particular population will differ from what was assumed
- (V)olatility Risk - the risk of claims differing from assumed due to volatility in a small population
- (C)atastrophic risk - the risk of large losses due to some significant event (such as a natural disaster)
- (T)rend Risk - The risk that claims rates will change unexpectedly from current levels
TLUVC (Tender LUV & Care)
Sweeting Chapter 7, Page 110
Basel Committee definitions of types of operation risk
(I)nternal Fraud - acts which involve at least on internal party and that are intended to defraud, misappropriate property, or circumvent the law
(E)xternal fraud - acts by a third party that are intended to defraud, misappropriate property, or circumvent law
(E)mployment practices and workplace safety - the risk related to employee relations, workplace safety, and diversity and discrimination
(C)lients, products, and business practices - losses may arise from a failure to meet a professional obligation to specific clients. The firm must ensure that products sold are suitable for the clients to whom they are sold
(D)amage to Physical Assets - the risk that an organization will suffer financial losses due to some form of physical damage to its property
Business (D)isruption and system failures - the risk that an external event will affect the physical ability of a firm to carry on business at its normal place of work
(E)xecution, delivery, and process management - the risk of a failure in a process. This might lead at best to embarrassment, and at worst to litigation
E DECIDE (External DECIDEs, since basil is external)
Sweeting Chapter 7, Page 1 13
Other Definitions of Operational Risks
Crime Risk - This results from the dishonest behavior of individuals (theft, fraud, hacking, arson)
Technology risk - risk of a technology failure, including loss or disclosure of confidential information, data corruption, and computer system failure
Cyber Risk - The failure of information technology systems, typically where there is online activity (e.g., theft of client lists)
Regulatory risk - risk that an organization will be negatively impacted by a change in legislation or regulation, or that it will fail to comply with current legislation or regulation
People Risk (separate list)
Legal Risk - risk arrising from poorly-drafted legal documents
Model Risk - Risk that financial models used to assess risk or otherwise help make financial decisions are flawed
Data risk - the risk of using poor data
Reputational risk - the failures related to other risks can lead to a loss of confidence in the organization and subsequent loss of business
Project risk - refers to all of various operational risks in the context of a particular project
Strategic risk - the risk that the organization will not make a conscious decision of what its strategy is and how it intends to implement it.
Sweeting Chapter 7, Page 117
Types of people risk
- Indirect employment-related risks - the risk that the wrong people are employed, retained, or promoted
- Adverse selection - the risk that the demand for insurance will be positively correlated with the risk of loss
- Moral hazard - the risk that people who are insured will be less likely to avoid risk
- Agency risk - the risk that a party that is appointed to act on behalf of another will instead act on its own behalf
- Bias - a type of systemic risk
a) Deliberate bias can arise if key risks are intentionally omitted or downplayed
b) Unintentional bias may occur due to overconfidence in one’s ability to complete a difficult task
Sweeting Chapter 7, Page 119
Broad Areas in the risk identification Process
- Risk Identification Tools (separate List)
- Risk identification techniques (separate list)
- Assessment of the Nature of the risks
a) Quantifiable risks can be modeled
b) Unqquantifiable risks can often be analyzed by the groupings that identify them - Recording risks in a risk register - the register details all of the risks faced by the organization. It should be constantly updated to reflect the changing nature of risks and the evolving environment
Sweeting Chapter 8, Page 126
Risk Identification Tools
S - (S)WOT Analysis - Identifies the organizations:
a) Strengths (e.g. market dominance, economies of scale, effective leadership)
b) Weaknesses (e.g. high costs, lack of direction, financial weakness)
c) Opportunities (e.g., innovation, additional defand, cheap funding)
d) Threats (e.g., new competitors, price pressure, falling liquidity, increased regulation)
C - Risk (C)hecklists - lists that are used as a reference for identifying risks in a particular organization or situation
P - Risk (P)rompt lists - similar to checklists, but rather than seeking to pre-identify every risk, they simply identify categories of risk that should be considered
T - Risk (T)axonomy - More detailed than a prompt list, containing a description and categorization of all risks that might be faced
T - Risk (T)rigger questions - lists of situations or areas in an organization that can lead to risk
C - (C)ase studies - can suggest specific risks to consider particularly if there are similarities to the organization in the case study
P - Risk-focused (P)rocess analysis - involves constructing flow charts for every process used by the organization and analyzing the points at which risks can occur
Mnemonic: PC CPT ST (PC/ComPuTer Shows Tools)
Sweeting Chapter 8, page 126
Risk Identification Techniques
B - (B)rainstorming - this is unrestrained or unstructured group discussion. Drawback could be freeriders, logistics, and convergent thinking
I - (I)ndependent group analysis - without collaboration, all participants write down ideas on risks that might arise. These ideas are aggregated and there is a discussion. Risks are then anonymously ranked. Could be biased based on group makeup.
S - (S)urveys - participants are given a list of questions about different aspects of the organization to try to draw out the risks faced. Drawback could be low response rate
G - (G)ap Analysis - consists of a survey that asks two types of questions: The desired level of risk exposure and the actual level of exposure
D - (D)elphi technique - begin with an initial survey of experts who comment on risks anonymously and independently. Is followed by subsequent surveys that are based on earlier responses. Continues until there is a consensus or stalemate
I - (I)nterviews - individuals are interviewed independently to identify the organization’s risks. High potential for framing questions and time consuming
W - (W)orking groups - comprised of a small number of individuals who have familiarity with the risks identified. They investigate more fully the risks which have been identified already
Mnemonic - BID SWIG (BID for a SWIG of alcohol, then start brainstorming!)
Sweeting Chapter 8, Page 129
Information to include for reach entry in the risk register
I - A Unique Identfier
C - The Category within which the risks falls within the risk falls
D - The date of assessment for the risk
D - A clear description of the risk
Q - Whether the risk is quantifiable
L - Information on the likelihood of the risk
S - Information on the severity of the risk
P - The period of exposure o the risk
S - The current status of the risk
S - Details of scenarios where the risk is likely to occur
O - Details of other risks to which this risk is linked
R - The risk responses implemented
C - The cost of the responses
R - Details of residual risks
T - The timetable and process for review of the risk
O - The risk owner
A - The entry author
Mnemonic - CO SPORTS CAR SLID DQ (COmpany SPORTS CAR SLID, resulting in DQ)
Sweeting Chapter 8, Page 133
Processes of an internal economic capital model
A - To determine how much capital a firm should hold to protect it against (A)dverse e vents
S - Better Understanding of Financial Implications of Current (S)trategy
P - To (p)rice new products
A - Decide how to allocate capital across business lines
D - To assess the amount of economic capital that should be held as products (D)evelop over time
I - To assess the impact of changes in (I)nvestment strategy and capital structure
O - Optimal Mixes of assets and funding sources
E - To look at how an organization copes in the face of (E)xtreme events
P - To help measure performance
D - To carry out due diligence for corporate transactions
R - To provide information on the financial state of the organization to the regulator
Mnemonic - DOES I AP A PDR (DOES It APpear A PDR is needed)
Sweeting Chapter 18, Page 482
Considerations for designing an economic capital model
F - Must agree on what the model will be used (F)or
R - Must agree on what (R)isks will be modeled
A,T,D,S - Must decide which (A)pproach to use
a) Factor (T)able - requires a certain amount of capital to be held for each unit of a particular strategy
b) (D)eterministic approach - stress test that considers the amount a firm would lose under different scenarios
c) (S)tochastic approach - use a stochastic, parametric, or empirical model to produce a large number of simulated results
E - Decide whether the model will be run on an (E)nterprise-wide basis, or whether individual models will be run for each business line with the results being combined later
- Consider what (O)utput is required from the model
Mnemonic - Design a model FOR DATES
Sweeting Chapter 18, Page 482
Economic Capital and risk optimization measures
Definition of Economic Capital - The additional values of funds needed to cover potential outgoings, falls in asset values, and rises in liabilities at some given risk tolerance over a specified time horizon
- Risk-adjusted return on capital (Ra) = Risk-adjusted return / economic capital. Is well suited for comparing different lines of business within a firm.
- Economic Income Created (EIC) = (Ra - Rh) * EC, where Rh is the hurdle rate of return and EC is the economic capital. Is the rate of return that each unit of a product sold must earn to cover the additional amount of risk it generates.
- Shareholder Value (SV) = EC * (Ra - Rg) / (Rh - Rg) where Rg is the rate of growth of the cash flows. Represents the discounted present value of all future cash flows.
- Shareholder value added (SVA) = EC * [(Ra - Rg) / (Rh - Rg) - 1] = SV - EC
Sweeting Chapter 18, Page 386
Options for allocated the benefits of diversification
- Allocating the full stand-alone capital requirement to each line and retaining the diversification benefit centrally
- Giving the full benefit of diversification to the new line of business that triggers the benefit
- Allocate the benefit in proportion to the stand-alone capital requirements by line of business
- Euler capital allocation principle - consider the marginal contribution of each additional unit of business to the overall capital required. For example, if the required economic capital is proportional to the standard deviation of a loss, then allocate risk capital for a given line of business in proportion to the following ratio:
a) The covariance between the loss in that line and the total loss
b) Divided by the standard deviation of the total loss - Book goes into VAR and TAIL Var - Maybe take a quick look
Sweeting Chapter 18, Page 488
S&P Approach for Assessing Insurance Companies ERM Practices
- The S&P Analysis Examines whether insurers execute risk management practices in a systematic, consistent, and strategic manner across the enterprise in order to limit future losses within an optimal risk reward framework
- The analysis is tailored to each insurer’s risk profile
- Five man areas (sub factors) are scored as positive, neutral, or negative (separate list)
- Then the insurer’s ERM is scored based on the assessments of the five subfactors. The guidelines for the different overall scores are:
a) 1 - Very Strong - positive score for all subfactors and economic capital model is assessed as good or superior
b) 2 - Strong - the risk management culture, risk controls, and strategic risk management subfactors are scored positive, one or both of the other two subfactors is scored neutral, and no subfactor is scored negative.
c) 3 - Adequate with strong risk control - the risk controls subfactor is scored positive, the strategic risk management subfactor is scored neutral, and no subfactor is scored negative.
d) 4. Adequate - the risk controls and risk management subfactors are all scored at least neutral, but overall the insurer doesn’t satisfy the requirement for adequate with strong risk control
e) 5 - Weak - one or both of the risk control and risk management culture subfactors are scored negative.
GHS-121-18, Page 3
Subfactors scored in S&P analysis of an insurer’s ERM
- Risk management culture - the analysis of this subfactor focuses on the importance of ERM in all key aspects of the insurer’s business operations and corporate decision-making
- Risk Controls - this subfactor analyzes the processes and procedures insurers employ to manage their key risk exposures within certain general categories (separate list for scoring this subfactor)
- Emerging Risk management - this subfactor analyzes how the insurer addresses risks that are not a current threat to creditworthiness, but could become a threat in the future. It also assesses the insurer’s level of preparedness if those emerging risks materialize
- Risk Models - the analysis of this subfactor focuses on assessing the robustness, consistency, and completeness of the insurer’s risk models
- Strategic Risk Management - this subfactor assesses the insurer’s program to optimize risk-adjusted returns and to evaluate and prioritize strategic options on a level playing field
GHS-121-18, Page 4
Examples of Criteria that indicate positive scores for ERM subfactors
(S&P uses various criteria to determine scores. The following is just one example for each subfactor)
Risk management culture - ERM is well entrenched in the organization with a formal ERM framework, an independent and well-staffed ERM department, and active Board participation
Risk Controls - The insurer has identified all material risks from all sources and frequently monitors its risk exposures with multiple metrics
Emerging risk management - the insurer has well-established processes for identifying and monitoring emerging risks, analyzing their significance, and preparing for and/or mitigating them
Risk models - the insurer’s models capture all material risk and risk interrelations in aggregating exposures
Strategic Risk Management - the insurer has a track record of consistently using a risk vs. reward decision-making framework to optimize risk-adjusted returns to an enterprise level
GHS-121-18, Page 6
Examples of criteria that indicate negative scores for ERM subfactors
(S&P uses various criteria to determine scores. The following is just once example for reach subfactor)
Risk Management Culture - ERM is not practiced, or is practiced inconsistently across the enterprise with limited board participation
Risk Controls - the insurer does not consistently identify and monitor its key risk exposures
Emerging Risk Management - the insurer doesn’t have processes for identifying and evaluating emerging risks
Risk Models - the insurer doesn’t use risk models or the risk models fail to capture major risks
Strategic Risk Management - the insurer does not optimize risk-adjusted returns, and risk/reward analysis is not adequately reflected in decision making
GHS-121-18, Page 6
Key Areas of an Insurer’s Risk Management Culture (S&P Analysis)
(S&P analysis of this subfactor focuses on indicators in these key areas)
Risk Governance and Organization Structure - a positive risk management culture is typically characterized by a well-defined and independent ERM governance structure that supports effective risk management at an enterprise level
Risk appetite framework - insurers should have a well-defined risk appetite framework that supports the effective selection of risks. Insurers must have the ability to limit their risk exposure within their chosen risk tolerances
Risk reporting and communication - a positive score typically is consistent with extensive and clear communications around the insurer’s risk exposures and ERM practice
Incentive compensation structures - a positive score is associated with a compensation structure that is aligned with metrics that encourage long-term goals, rather than incentivizing excessive risk taking
GHS-121-18, Page 8
S&P Approach for Scoring an Insurer’s Risk Controls Subfcactor
Risk Controls of each of the insurer’s material risks are scored first (see separate list for examples of criteria used). The major risks, which each receive an individual risk control score, are the following general categories:
a) Credit Risk
b) Interest Rate Risk
c) Market Risk
d) Insurance Risk
e) Operational Risk
The individual risk controls scores then determine the overall risk controls score, as follows:
a) Positive - risk controls of material risks are predominantly scored positive, and no risk controls of an individual risk is scored negative
b) Negative - one or more risk controls of material risks is scored negative
c) Neutral - all other combinations
Each Risk’s relative importance to the insurer’s overall risk profile determines its weight in the overall score
GHS-121-18, Page 10
Definitions related to risk used in the S&P analysis of ERM
- Risk Appetite - the framework that establishes the risks that the insurer wishes to acquire, avoid, retain, and/or reduce
- Risk preferences - qualitative risk appetite statements that guide the insurer in the selection of risks
- Risk tolerances - quantitative risk appetite statements that guides the insurer in the selection of risks. These statements typically specify maximum acceptable losses and are often probabilistic in nature
- Risk limits - quantitative boundaries that constrain specific risk-taking activities
GHS-121-18, Page 14
Examples of favorable indicators when determining individual risk control scores for major risks
(one example is shown here for each aspect of the risk control process)
Risk Identification - insurer has a comprehensive process of identifying all risk exposures
Risk measurement and monitoring - insurer monitors all significant risks on a regular basis, using multiple measures
Risk standards and limits - insurer has clearly documented comprehensive risk limits, risk standards, and early warning systems for risk taking and risk management
Risk management - insurer has formal programs in place and uses multiple strategies to proactively manage the risks within tolerances
Risk limit enforcement - insurer has clear processes to correct a breach of risk limits and to respond to early warning limits within a prescribed time limit
Risk Learning - insurer has a defined process to analyze and learn from pas losses, near-mistakes, and successes
GHS-121-18, page 15
Examples of major risks that get an individual risk control score
Examples of major risks that get an individual risk control score
Credit Risk - Exposures from incurring economic losses caused by default of another company on that company’s obligations, or losses from preceived/actual deterioration in another company’s creditworthiness
Interest Rate Risk - Most significant in cases where asses/liabilities are long term, or product profitability sensitive to asset performance
Market Risk - mostly focused on exposure to equity, real estate, and foreign exchange risk
Life & Health Insurance - Key Risks
Life Insurers Main Risks
a) Policyholder Behavior Risks
b) Mortality Risk
c) Longevity Risk
d) Morbidity Risk
Health Insurer Main Risk
a) Morbidity Risk
TIA Video on GHS-121
P&C Risks - Reserve and Claims Management Risks
Add Pricing, Cycle Management, Underwriting, Catastrophe
Reserve Risks
a) Loss Reserves - Estimate of funds needed to fulfill claims from prior policies; Largest source of uncertainty for P&C insuerers
b) Reserving Risk
i) Level needed to meet all liabilities
ii) Timing of liabilities
Claims Management Risks - When claims paid deviate from expected due to:
a) Irregularities in claim mgmt process
b) Insufficient rigors to claims process
c) unexpected legislative/regulatory/judicial intervention
Risk Control Assessment Focus - How well does insurer manage uncertainty around loss reserves and claims mgmt:
a) Process
b) Controls
c) Reviews used
TIA Video on GHS-121
Health Insurance - Risk Assessments
Risk Control #1 - Underwriting
Positive - Disciplined Process, Defined limits
Neutral - not as comprehensive
Negative - limits/process blurry
Risk Control #2 - Pricing
Positive - Active monitoring of experience; Feedback; Prompt adjustments and staggered renewals
Neutral - Mainly reactive
Negative - Assumptions updated infrequently
Risk Control #3 - Trend Analysis
Positive - ongoing review, mitigation strategies, multiple forecasting techniques
Neutral - Not very sophisiticated
Negative - no system to identify trends / developments
Risk Control #4 - Reinsurance and Risk Limits
Positive - Carefully select to balance retention and transfer
Neutral - cost-benefit analysis not robust
Negative - Reinsurance not considered, large risk concentration
Risk Control #5 - Providers
Positive - multiple providers in portfolio. Effective communication with regulators.
Neutral - Network not as diversified
Negative - Highly concentrated, limited service offerings
Risk control #6 - Negotiation Power
Positive - Pricing power to negotiate favorable terms
Neutral - Same power, but lacks ability
Negative - Very little pricing power
Risk Control #7 - Policy Provisions
Positive - standard, consistent
Neutral - Sometimes exceptions
Negative - inconsistent terms
Risk Control #8 - Claims Management
Positive - Judicious reviews/audits of claims mgmt
Neutral - Feedback loop not very effective
Negative - Reviews/audits infrequent. Past issues not identified; longer than expected claism prcoess
Risk Control #9 - Compensation
Positive - Incentive structure balances risks/rewards from performance targets
Neutral - No incentives to chase top-line results
Negative - compensation flawed/outdated and not aligned with incentives.
TIA Video on GHS-121
Operational Risk - Definition and Common Controls
Operational Risk
a) Inadequate or failed internal processes, people, and systems or from external events
b) Includes:
- Information Technology
- Business Continuity Process
- Environmental Issues
- Regulation
- Compliance
- Fraud
- Terrorism
- Human Resources
- Change Management
- Distribution
- Outsourcing
Key Elements Essential to Operational Risk Controls
a) Procedures in place to identify, monitor, assess, and mitigate operational risks
b) Sound BCP (Business Continuity Plan) that has been drilled
- BCP - Process and procedures insurer would follow to limit the adverse impact of an event
Risk Control Assessment
a) Risk Control #1 - Risk Identification (Systematic Focus)
b) Risk Control #2 - Business Continuity and Disaster Recovery (plan In place and tested)
c) Risk Control #3 - Operational Losses (Major Losses and learning from them)
d) Risk Control #4 - Risk Monitoring and Risk Limits (Owners, mitigation action/Monitoring)
e) Risk Control #5 - Documentation and Compliance (Comprehensive, clear, and internal audit)
TIA Video on GHS-121
Definition and key principles of Enterprise Risk Management (ERM)
Definition - ERM is a structured analytical process that focuses on identifying and eliminating the financial impact and volatility of a portfolio of risks, rather than focusing on risk avoidance alone. It is integrated risk management.
Essential principles of ERM
- ERM Recognizes a broad range of risks confronted by the organization and acknowledges that those risks represent either sources of capital or potential for losses
- A comprehensive or “holistic” approach is critical for managing diverse risks. An enterprise-wide view recognizes all of the potential threats to the organization’s objectives and recognizes that risks are not isolated
GHS-123-18, Page 1
Domains of risk recognized by ERM
- (O)perational - risk related to the organization’s core business, including its systems and practices. Examples include clinical services and outpatient care
- (F)inancial - risks related to the organization’s ability to earn, raise, or access capital, as well as costs associated with its transfer of risk. Examples include bonds and insurance premiums.
- (H)uman - Risks related to recruiting, retaining, and managing workforce. Examples include Worker’s comp, turnover, unionization, and discrimination
- (S)trategic - risks related to the ability of the organization to grow and expand. Examples include join ventures and customer satisfaction
- (L)egal or regulatory - risks related to health care statutory and regulatory compliance, licensure, and accreditation. Examples include HIPAA compliance and OSHA regulations.
- (T)echnological - risk associated with biomedical and information technologies, equipment, devices, and telemedicine. Examples include clinical information systems and off-site monitoring of critical care units.
Mnemonic - H F LOST (He Felt LOST looking at domains)
GHS-123-18, Page 2
How ERM differs from Traditional Risk Management
- Traditional health care risk management examines risks individually
a) This approach maintains that risks are best manged within functional silos and that sharedholder value is maximized through risk transfer
b) But this approach fails to appreciate relationships among risks. And it lacks the optimization of collective risk management through an enterprise approach. - ERM uses common metrics across risk domains to determine the effectiveness of risk management approaches. With an integrated, enterprise-wide view of risk, the risk manager focuses on opportunities as well as risks
GHS-123-18, Page 2
