Types of Risk and Identification

Question 1

Categories of risk faced by organizations (9)

Answer 1

1. Market risk - the risk inherent from exposure to capital markets (eg, fluctuations in value of assets held)
   a. Interest rate risk - the risk arising from unanticipated changes in the overall level of interest rates or in the shape of the yield curve
   b. Foreign exchange risk - the risk when cash flows received are in a currency different from the cash flows due
2. Economic risk - eg, price and salary fluctuation
3. Credit risk - default risk (eg, a default on loans or a reinsurer failure)
4. Liquidity risk - the risk that a firm cannot easily trade its assets or that it cannot raise additional financing when required
5. Systemic risk - the risk of failure of a financial system (see separate list)
6. Demographic risk
   a. Mortality risk - the risk that a portfolio will suffer from mortality being greater than expected (negatively affects life insurance)
   b. Longevity risk - the risk that a portfolio will suffer from mortality being less than expected (negatively affects pension and annuity business)
7. Non-life insurance risk - the risk related to the incidence of claims and their intensity
8. Operational risks - risks that impact the way in which a firm carries on business (see separate list)
9. Residual risks - risks that remain once action has been taken to treat a risk. For example, if an interest rate swap is used to reduce exposure to changes in interest rates, the residual risk is that the bank will not be able to make its payments on the swap.

Question 2

Types of systemic risk (4)

Answer 2

1. Financial infrastructure - eg, a bank unable to pay back loans from other banks
2. Liquidity risk - can become systemic if a run on banks occurs
3. Common market positions - feedback risk is the risk that a change in an investment’s price will result in further changes in the same direction. This could then impact all investors who have common investment positions.
4. Exposure to common counter-party - the risk that a relatively small failure will cascade through several layers of investors

Question 3

Types of demographic (mortality or longevity) and non-life insurance risk (4)

Answer 3

1. Level risk (for life insurance) or U/W risk (for non-life insurance) - the risk that the average level of claims for a particular population will differ from what was assumed
2. Volatility risk - the risk of claims differing from assumed due to volatility in a small population
3. Catastrophe risk - the risk of large losses due to some significant event (such as a natural disaster)
4. Trend risk - the risk claim rates will change unexpectedly from current levels

Question 4

Types of operational risks (13)

Answer 4

1. Business continuity risk - the risk that an external event will affect the physical ability of a firm to carry on business at its normal place of work
2. Regulatory risk - the risk that an organization will be negatively impacted by a change in legislation or regulation, or that it will fail to comply with current legislation or regulation
3. Technology risk - the risk of a technology failure, including loss or disclosure of confidential info, data corruption, and computer system failure
4. Crime risk - this results from the dishonest behavior of individuals (eg, theft of money or intellectual property by an employee)
5. People risk (see separate list)
6. Bias - a type of systemic risk
   a. Deliberate bias can arise if key risks are intentionally omitted or downplayed
   b. Unintentional bias may occur due to overconfidence in one’s ability to complete a difficult task
   c. Anchoring is where decisions are made relative to an existing position (eg reserves are only changed slightly from the current level)
7. Legal risk - the risk arising from poorly-drafted legal documents
8. Process risk - the risk inherent in the processes used by firms (eg, underwriting and claim handling)
9. Model risk - the risk that financial models used to assess risk or otherwise help make financial decisions are flawed
10. Data risk - the risk of using poor data
11. Reputational risk - failures related to other risks can lead to a loss of confidence in the organization and a subsequent loss of business
12. Project risk - refers to all of the various operational risks in the context of a particular project
13. Strategic risk - the risk the organization will not make a conscious decision of what its strategy is and how it intends to implement it

Question 5

Types of people risk (4)

Answer 5

1. Employment-related risks - the risk that the wrong people are employed, retained, or promoted
2. Adverse selection - the risk that the demand for insurance will be positively correlated with the risk of loss
3. Moral hazard - the risk that people who are insured will be less likely to avoid risk
4. Agency risk - the risk that a party that is appointed to act on behalf of another will instead act on its own behalf

Question 6

Broad areas in the risk identification process (4)

Answer 6

1. Risk identification tools (see separate list)
2. Risk identification techniques (see separate list)
3. Assessment of the nature of risks
   a. Quantifiable risks can be modeled
   b. Unquantifiable risks can often be analyzed by the groups that identify them
4. Recording risks in a risk register - the register details all of the risks faced by the organization. It should be constantly updated to reflect the changing nature of risks and the evolving environment

Question 7

Risk identification tools (7)

Answer 7

1. SWOT analysis - identifies the organization’s:
   a. Strengths (eg, market dominance, economies of scale, and effective leadership)
   b. Weaknesses (eg, high costs, a lack of direction, and financial weakness)
   c. Opportunities (eg, innovation, additional demand, and cheap funding)
   d. Threats (eg, new competitors, price pressure, falling liquidity, and increased regulation)
2. Risk checklists - lists that are used as a reference for identifying risks in a particular organization or situation
3. Risk prompt lists - similar to checklists, but rather than seeking to pre-identify every risk, they simply identify categories of risk that should be considered
4. Risk taxonomy - more detailed than a prompt list, containing a description and categorization of all risks that might be faced
5. Risk trigger questions - lists of situations or areas in an organization that can lead to risk
6. Case studies - can suggest specific risks to consider, particularly if there are similarities to the organization in the case study
7. Risk-focused process analysis - involves constructing flow charts for every process used by the organization and analyzing the points at which risks can occur

Question 8

Risk identification techniques (7)

Answer 8

1. Brainstorming - this is an unrestrained or unstructured group discussion
2. Independent group analysis - without collaboration, all participants write down ideas on risks that might arise. These ideas are aggregated and there is a discussion. Risks are anonymously ranked.
3. Surveys - participants are given a list of questions about different aspects of the organization to try to draw out the risks faced
4. Gap analysis - consists of a survey that asks two types of questions: the desired level of risk exposure and the actual level of exposure
5. Delphi technique - begins with an initial survey of experts who comment on risks anonymously and independently. Is followed by subsequent surveys that are based on earlier responses. Continues until there is a consensus or stalemate.
6. Interviews - individuals are interviewed independently to identify the organization’s risks
7. Working groups - comprised of a small number of individuals who have familiarity with the risks identified. They investigate more fully the risks which have been identified already.

Question 9

Information to include for each entry in the risk register (17)

Answer 9

1. A unique identifier
2. The category within which the risk falls
3. The date of assessment for the risk
4. A clear description of the risk
5. Whether the risk is quantifiable
6. Info on the likelihood of the risk
7. Info on the severity of the risk
8. The period of exposure to the risk
9. The current status of the risk
10. Details of scenarios where the risk is likely to occur
11. Details of other risks to which this risk is linked
12. The risk responses implemented
13. The cost of the responses
14. Details of the residual risks
15. The timetable and process for review of the risk
16. The risk owner
17. The entry author
    (See also risk register list in Bluhm ch 47)

Question 10

Categories of risk for health insurance companies (6)

Answer 10

(There are separate lists of the types of risks for each of these categories)

1. Environmental risk
2. Financial risk
3. Operational risk
4. Pricing risk
5. Reputational risk
6. Strategic risk

Question 11

Environmental risks for health insurers (7)

Answer 11

1. Buyer environment - buyers strengthen or lessen their market position
2. Competition
3. Economy
4. Fraud (external) - fraud by providers or customers
5. Legal
6. Regulatory and legislative
7. Supplier environment - suppliers strengthen or lessen their market position

Question 12

Financial risks for health insurers (8)

Answer 12

1. Asset default
2. Data - insufficient data to assess a given risk
3. Financial viability
4. Interest rate
5. Liquidity
6. Model - a model does not reflect the process being analyzed
7. Reinvestment risk
8. Reserve adequacy - the level of reserves held is inadequate or excessive
9. Credit risk - the risk that receivables will not be received

Question 13

Operational risks for health insurers (11)

Answer 13

1. Billing and collections
2. Claims processing
3. Contract wording
4. Data technology and management - IT system failure
5. Fraud (internal)
6. Human resources - the firm does not hire the right people to perform needed tasks
7. Network management - network providers give poor service
8. Reinsurance cannot bet obtained at the desired level
9. Sales force being ineffective
10. Training - the firm’s employees being inadequately trained
11. Vendor relations - not selecting the right vendor or TPA

Question 14

Pricing risks for health insurers (14)

Answer 14

1. Anti-selection
2. Authority - premium rates deviate from pricing policies
3. Competition
4. Data - data is inadequate, incomplete, or inappropriate
5. Financial viability of capitated providers
6. Model - the pricing model does not properly reflect all pricing risks
7. Mortality
8. Regulatory and legislative
9. Reinsurance - adverse financial outcomes associated with the cost or availability of reinsuance
10. Trend: inflation - the actual trend differs from the pricing assumption
11. Trend: intensity and severity
12. Trend: developments in healthcare treatments
13. Trend: utilization
14. Underwriting policy results in miscategorizing of risks

Question 15

Reputational risks for health insurers (7)

Answer 15

External:
1. Disgruntled policyholder
2. Rating agencies - risk of a rating downgrade
3. Stock analysts - analysts misinterpret info or are impatient for profits
Internal:
4. Medical management/claims adjudication - slow claim payments
5. Corporate governance
6. Distribution - poor sales tactics destroy reputation
7. Fraud - control measures do not properly prevent fraud

Question 16

Strategic risks for health insurers (8)

Answer 16

1. Capital management - the company cannot get capital to support its strategy
2. Growth - growth is mismanaged
3. Incentives - incentives are misaligned with the corporate strategy
4. Management failure
5. Mergers and acquisitions - acceptable merger and acquisition candidates are unavailable
6. Network management - the company is unable to contract with providers.
7. Reinsurance - coverage is not available at an acceptable cost
8. Activist investors view company decisions as poorly managed