Types of Risk and Risk Identification Flashcards
Categories of risk faced by organizations (57)
- Market risk - the risk inherent from exposure to capital markets (eg, fluctuations in value of assets held)
a. Interest rate risk - the risk arising from unanticipated changes in the overall level of interest rates or in the shape of the yield curve
b. Foreign exchange risk - the risk when cash flows received are in a currency different from the cash flows due - Economic risk - eg, price and salary fluctuation
- Credit risk - default risk (eg, a default on loans or a reinsurer failure)
- Liquidity risk - the risk that a firm cannot easily trade its assets or that it cannot raise additional financing when required
- Systemic risk - the risk of failure of a financial system (see separate list)
- Demographic risk
a. Mortality risk - the risk that a portfolio will suffer from mortality being greater than expected (negatively affects life insurance)
b. Longevity risk - the risk that a portfolio will suffer from mortality being less than expected (negatively affects pension and annuity business) - Non-life insurance risk - the risk related to the incidence of claims and their intensity
- Operational risks - risks that impact the way in which a firm carries on business (see separate list)
- Residual risks - risks that remain once action has been taken to treat a risk. For example, if an interest rate swap is used to reduce exposure to changes in interest rates, the residual risk is that the bank will not be able to make its payments on the swap.
Types of systemic risk (58)
- Financial infrastructure - eg, a bank unable to pay back loans from other banks
- Liquidity risk - can become systemic if a run on banks occurs
- Common market positions - feedback risk is the risk that a change in an investment’s price will result in further changes in the same direction. This could then impact all investors who have common investment positions.
- Exposure to common counter-party - the risk that a relatively small failure will cascade through several layers of investors
Types of demographic (mortality or longevity) and non-life insurance risk (59)
- Level risk (for life insurance) or U/W risk (for non-life insurance) - the risk that the average level of claims for a particular population will differ from what was assumed
- Volatility risk - the risk of claims differing from assumed due to volatility in a small population
- Catastrophe risk - the risk of large losses due to some significant event (such as a natural disaster)
- Trend risk - the risk claim rates will change unexpectedly from current levels
Types of operational risks (59)
- Business continuity risk - the risk that an external event will affect the physical ability of a firm to carry on business at its normal place of work
- Regulatory risk - the risk that an organization will be negatively impacted by a change in legislation or regulation, or that it will fail to comply with current legislation or regulation
- Technology risk - the risk of a technology failure, including loss or disclosure of confidential info, data corruption, and computer system failure
- Crime risk - this results from the dishonest behavior of individuals (eg, theft of money or intellectual property by an employee)
- People risk (see separate list)
- Bias - a type of systemic risk
a. Deliberate bias can arise if key risks are intentionally omitted or downplayed
b. Unintentional bias may occur due to overconfidence in one’s ability to complete a difficult task
c. Anchoring is where decisions are made relative to an existing position (eg reserves are only changed slightly from the current level) - Legal risk - the risk arising from poorly-drafted legal documents
- Process risk - the risk inherent in the processes used by firms (eg, underwriting and claim handling)
- Model risk - the risk that financial models used to assess risk or otherwise help make financial decisions are flawed
- Data risk - the risk of using poor data
- Reputational risk - failures related to other risks can lead to a loss of confidence in the organization and a subsequent loss of business
- Project risk - refers to all of the various operational risks in the context of a particular project
- Strategic risk - the risk the organization will not make a conscious decision of what its strategy is and how it intends to implement it
Types of people risk (60)
- Employment-related risks - the risk that the wrong people are employed, retained, or promoted
- Adverse selection - the risk that the demand for insurance will be positively correlated with the risk of loss
- Moral hazard - the risk that people who are insured will be less likely to avoid risk
- Agency risk - the risk that a party that is appointed to act on behalf of another will instead act on its own behalf
Broad areas in the risk identification process (61)
- Risk identification tools (see separate list)
- Risk identification techniques (see separate list)
- Assessment of the nature of risks
a. Quantifiable risks can be modeled
b. Unquantifiable risks can often be analyzed by the groups that identify them - Recording risks in a risk register - the register details all of the risks faced by the organization. It should be constantly updated to reflect the changing nature of risks and the evolving environment
Risk identification tools (61)
- SWOT analysis - identifies the organization’s:
a. Strengths (eg, market dominance, economies of scale, and effective leadership)
b. Weaknesses (eg, high costs, a lack of direction, and financial weakness)
c. Opportunities (eg, innovation, additional demand, and cheap funding)
d. Threats (eg, new competitors, price pressure, falling liquidity, and increased regulation) - Risk checklists - lists that are used as a reference for identifying risks in a particular organization or situation
- Risk prompt lists - similar to checklists, but rather than seeking to pre-identify every risk, they simply identify categories of risk that should be considered
- Risk taxonomy - more detailed than a prompt list, containing a description and categorization of all risks that might be faced
- Risk trigger questions - lists of situations or areas in an organization that can lead to risk
- Case studies - can suggest specific risks to consider, particularly if there are similarities to the organization in the case study
- Risk-focused process analysis - involves constructing flow charts for every process used by the organization and analyzing the points at which risks can occur
Risk identification techniques (62)
- Brainstorming - this is an unrestrained or unstructured group discussion
- Independent group analysis - without collaboration, all participants write down ideas on risks that might arise. These ideas are aggregated and there is a discussion. Risks are anonymously ranked.
- Surveys - participants are given a list of questions about different aspects of the organization to try to draw out the risks faced
- Gap analysis - consists of a survey that asks two types of questions: the desired level of risk exposure and the actual level of exposure
- Delphi technique - begins with an initial survey of experts who comment on risks anonymously and independently. Is followed by subsequent surveys that are based on earlier responses. Continues until there is a consensus or stalemate.
- Interviews - individuals are interviewed independently to identify the organization’s risks
- Working groups - comprised of a small number of individuals who have familiarity with the risks identified. They investigate more fully the risks which have been identified already.
Information to include for each entry in the risk register (Sweeting 63)
- A unique identifier
- The category within which the risk falls
- The date of assessment for the risk
- A clear description of the risk
- Whether the risk is quantifiable
- Info on the likelihood of the risk
- Info on the severity of the risk
- The period of exposure to the risk
- The current status of the risk
- Details of scenarios where the risk is likely to occur
- Details of other risks to which this risk is linked
- The risk responses implemented
- The cost of the responses
- Details of the residual risks
- The timetable and process for review of the risk
- The risk owner
- The entry author
(See also risk register list in Bluhm ch 47)
Categories of risk for health insurance companies (81)
(There are separate lists of the types of risks for each of these categories)
- Environmental risk
- Financial risk
- Operational risk
- Pricing risk
- Reputational risk
- Strategic risk
Environmental risks for health insurers (81)
- Buyer environment - buyers strengthen or lessen their market position
- Competition
- Economy
- Fraud (external) - fraud by providers or customers
- Legal
- Regulatory and legislative
- Supplier environment - suppliers strengthen or lessen their market position
Financial risks for health insurers (82)
- Asset default
- Data - insufficient data to assess a given risk
- Financial viability
- Interest rate
- Liquidity
- Model - a model does not reflect the process being analyzed
- Reinvestment risk
- Reserve adequacy - the level of reserves held is inadequate or excessive
- Credit risk - the risk that receivables will not be received
Operational risks for health insurers (82)
- Billing and collections
- Claims processing
- Contract wording
- Data technology and management - IT system failure
- Fraud (internal)
- Human resources - the firm does not hire the right people to perform needed tasks
- Network management - network providers give poor service
- Reinsurance cannot bet obtained at the desired level
- Sales force being ineffective
- Training - the firm’s employees being inadequately trained
- Vendor relations - not selecting the right vendor or TPA
Pricing risks for health insurers (82)
- Anti-selection
- Authority - premium rates deviate from pricing policies
- Competition
- Data - data is inadequate, incomplete, or inappropriate
- Financial viability of capitated providers
- Model - the pricing model does not properly reflect all pricing risks
- Mortality
- Regulatory and legislative
- Reinsurance - adverse financial outcomes associated with the cost or availability of reinsuance
- Trend: inflation - the actual trend differs from the pricing assumption
- Trend: intensity and severity
- Trend: developments in healthcare treatments
- Trend: utilization
- Underwriting policy results in miscategorizing of risks
Reputational risks for health insurers (83)
External:
1. Disgruntled policyholder
2. Rating agencies - risk of a rating downgrade
3. Stock analysts - analysts misinterpret info or are impatient for profits
Internal:
4. Medical management/claims adjudication - slow claim payments
5. Corporate governance
6. Distribution - poor sales tactics destroy reputation
7. Fraud - control measures do not properly prevent fraud