150 likes | 323 Views
Risk Management Croatian Insurance Days 2010. 15 th November 2010 Jiri Fialka. Contents. Risk Appetite 3 Stakeholder Expectations 4 Challenges 5 Current Industry Approaches 6 Metrics 7 Where on the distribution? 11 Embedding Risk Appetite 12 Setting Risk Appetite Limits 13
E N D
Risk ManagementCroatian Insurance Days 2010 15th November 2010 Jiri Fialka
Contents Risk Appetite 3 Stakeholder Expectations 4 Challenges 5 Current Industry Approaches 6 Metrics 7 Where on the distribution? 11 Embedding Risk Appetite 12 Setting Risk Appetite Limits 13 Conclusion 14
What is Risk Appetite? Risk Appetite At the highest level, risk appetite defines the amount of overall risk that a firm is willing to accept in pursuit of its business objectives. Some regulators (such as the FINMA in Switzerland) distinguish that from risk tolerance, the amount of overall risk a firm CAN take. Risk Appetite Framework The board ultimately needs to set risk appetite and cascade it within the firm. A risk appetite framework defines the approach for : setting the firm’s overarching risk appetite, the processes, controls and methodology for setting and managing against risk limits The framework will be dependent on a number of factors including the nature, size and complexity of the business. The two aspects of the framework that are within the control of management are the level of granularity chosen and the suite of risk metrics used.
What are Stakeholder Expectations? FSA (Insurance Sector Briefing) Solvency II text (CP33) • The regulatory text thus far contains high level statements establishing the imperative for a risk appetite framework: • “well documented risk management strategy that includes... risk appetite” • The appetite needs to then be expressed in “acceptable levels of risk limits for each risk type” • The risk management function will “maintain an organisation-wide and aggregated view on the risk profile” • “an appropriate own risk and solvency assessment (ORSA)” • The FSA is disappointed with progress in insurers and made the following observations as early as November 2006: • “Risk appetite is not well understood in many firms to a level of clarity that provides a reference point for all material decision making. There is a big step between defining and applying risk appetite” • “Producing meaningful statements of risk appetite has posed significant challenges for many firms.”“....slow progress by boards and management to go beyond definition and apply them a point of reference for material decision making”. A Deloitte perspective S&P • Companies will be viewed as having weak, adequate, strong, or excellent ERM. Companies are expected to: • Knowingly take considered risks and understand that losses are probable. In effect, risk management should provide a company with reasonable grounds to believe that it will be able to manage any events and losses within predetermined bounds. • Measure all of their risks on comparable measures so that the risk-management process of managing risk taking and limiting losses to within company tolerances can be performed across all risks and for the total enterprise. • Risk Appetite is the mechanism by which the owners of the firm express to the management of the firm the risk profile they wish to take. This is measured at multiple time horizons • Risk Appetite is both qualitative and quantitative • Risk appetite frameworks provide a pivotal link between strategic objectives of the organisation and its risk management framework and limit structures. • Risk appetite should be cascaded to the business to inform day to day business decisions and become embedded in the firms risk management framework.
Challenges Implementing Risk Appetite • Many firms will face a number of challenges around the development of their risk appetite, particularly ensuring it is: • meaningful across a number of metrics and at an appropriate level of granularity, and • embedded within the day-to-day running of the business.
Current Industry Approaches • Firms all have some form of Appetite statements • We are not aware of many firms who have in place a robust Risk Appetite framework • The insurance industry is slowly finding its way into Risk Appetite. Solvency II provides considerable impetuous. • Firms are reaching out to consultants to provide intellectual input • Appetite is increasingly included as a work stream within Solvency II programmes • Long terms insurance risks potentially make appetite more complicated than banking • The same complication should demand a robust approach to setting appetite for risks • Existing Appetite frameworks are operated without reference to or input from risk drivers within the capital model. • Volatility or earnings at risk should be drawn from the same model as the capital • FSA Arrow reviews are increasingly focusing on risk appetite • Solvency II strongly establishes the requirement without providing any detail • Few firms contain a CRO with holistic risk responsibilities – these individuals drive Appetite frameworks within banks. This is not a Chief Actuary mind set. • Solvency II requires firms to think as Groups not just legal entities. How will firms complete a Group-wide ORSA without a robust Appetite framework? Risk Appetite frameworks are not in place Solvency II and FSA is driving thinking External inputs and benchmarking Long term risks make appetite complicated No linkage between ICA models and Appetite No obvious sponsor or driver, e.g. CRO
Metrics – It’s not just about capital! To date, many life companies have only used a capital metric to define their risk appetite. For example, firms have defined risk appetite as having sufficient capital to cover its internal capital requirements based on a particular credit rating (e.g. AA). A capital metric focuses on preservation of policyholder benefits without providing sufficient insight into how the risks can be managed to meet the broader business objectives. Including other value metrics in the framework, such as earnings or cashflow, allows a firm to set its risk appetite more broadly and ensures a clearer link to business objectives. Business Objectives Risk Appetite needs to be articulated in the context of broader business objectives.
Metrics – Capital at Risk The capital requirement (or capital at risk) provides a measure of the level of risk exposure for an organisation. In isolation, the nominal capital requirement does not provide much information. However, it is possible to use relative metrics to help articulate risk appetite. Risk capacity and risk exposure Relative capital requirements by risk class Company balance sheet Company balance sheet Additional Risk capacity indicator Surplus Assets Capital Requirement Risk exposure indicator Liabilities Surplus Assets Risk class 1 Capital Requirement Risk class 2 Risk class N Liabilities Relative risk exposure indicator by risk class • The capital requirement represents a measure of the risk that the organisation is currently exposed to. • The surplus represents additional risk capacity, giving insight into the ability of the organisation to take on further risk. • The capital requirement should be able to be split by risk class. • Consideration can be made of both current relative risk exposures and forecasted/ projected relative risk exposures.
Risk Exposure Risk Exposure Risk Exposure Risk % of Liabilities - Credit Spreads - Diversified Risk % of Liabilities - Interest - Diversified Capital Required as % of liabilities - Diversified 14% 8% 7% 12% Credit Spreads 6% Interest 10% 5% 8% Risk Appetite - Credit Spreads Risk Appetite - Interest Rate 4% 30% contribution - Diversified - Low contribution - Diversified - Low 6% 3% Risk Appetite - Credit Spreads Risk Appetite - Interest Rate 4% contribution - Diversified - High 2% contribution - Diversified - High 2% 25% 1% 0% 0% Capital required as % of Legal BU 1 - BU 2 - Legal BU 3 - Legal BU 1 - BU 2 - Legal BU 3 - Entity 1 Term Annuities Entity 2 Pensions Entity 1 Term Annuities Entity 2 Pensions 20% liabilities (CRL%) - Diversified Assurance Assurance Group Legal Entity 1 Legal Entity 2 Group Legal Entity 1 Legal Entity 2 15% Risk Appetite - CRL% - Risk Exposure Risk Exposure Diversified - Low Risk % of Liabilities - Asset Share Volatility - Diversified Risk % of Liabilities - Equity - Diversified 10% Risk Appetite - CRL% - 8% 8% 5% Diversified - High 7% 7% Asset Share Volatility 6% 6% Equity Levels 0% 5% 5% Risk Appetite - Asset Share Risk Appetite - Equity Levels 4% 4% Volatility contribution - contribution - Diversified - Low Legal BU 1 - BU 2 - Legal BU 3 - Diversified - Low 3% 3% Risk Appetite - Equity Levels Risk Appetite - Asset Share 2% contribution - Diversified - High Entity 1 Term Annuities Entity 2 Pensions 2% Volatility contribution - 1% Diversified - High 1% Assurance 0% 0% Legal BU 1 - BU 2 - Legal BU 3 - Legal Entity BU 1 - Term BU 2 - Legal Entity BU 3 - Entity 1 Term Annuities Entity 2 Pensions Group Legal Entity 1 Legal Entity 2 1 Assurance Annuities 2 Pensions Assurance Group Legal Entity 1 Legal Entity 2 Group Legal Entity 1 Legal Entity 2 Risk Exposure Risk % of Liabilities - Mortality - Diversified 16% 14% 12% Mortality Level 10% Risk Appetite - Mortality 8% contribution - Diversified - Low 6% Risk Appetite - Mortality 4% contribution - Diversified - High 2% 0% Legal BU 1 - BU 2 - Legal BU 3 - Entity 1 Term Annuities Entity 2 Pensions Assurance Group Legal Entity 1 Legal Entity 2 Metrics – Capital at Risk In this section we look at how Capital at Risk could be developed at the next level of granularity. Group • In the example, the Group is exposed to 5 risks: • Interest • Credit Spreads • Asset Share Volatility • Equity • Mortality Legal Entity 1 Legal Entity 2 Term Assur. Annuities Pensions Business unit 3 Business unit 1 Business unit 2
Metrics – Earnings at Risk Earnings at Risk attempts to address the value aspect of risk appetite, to provide a more complete picture of the nature of risks that the organisation could be exposed to. Earnings at Risk provides a different perspective on risk relative to Capital at Risk as it focuses on how risks impact earnings and also potentially cashflow. Thus, there are likely to be conflicts as different risks will bite for Earnings at Risk relative to Capital at Risk. Risk 1 Risk 2 Risk N • The Earnings at Risk number can be considered as the difference between a projected earnings and stressed earnings value. • This diagram depicts how Earnings at Risk could be analysed separately for a forecasted period and risk appetite set for each year (refreshed annually). Earnings At Risk Year 1 Projected Earnings Year 1 Stressed Earnings Year 1 Earnings volatility due to individual risk drivers • Earnings at risk is likely to be focused on different points on the distribution relative to capital at risk (e.g. 1 in 10 vs 1 in 200). • Earnings at risk will be focused on both New Business and Existing Business. • Cashflow at risk is a another metric that can be considered. Important in relation to dividend payments by the organisation. • There will be challenges around projecting a risk-based balance sheet to assess earnings at risk. In particular: • Methodology and Technology • What-if capability • Achieving the right balance between accuracy and ability to carry out What-if analysis • Likely to be conflicts as different risks will bite for Earnings at Risk relative to Capital at Risk. Difficult management decisions. Year 1 Year 2 Year 3 Year 4 Year 5
Where on the distribution? • To support Risk Appetite and ORSA an Internal Model should do more than calculate the tail. • If the model analyses different loss horizons risk managers can understand drivers of risk • At which horizon is the firm managing its Risk Appetite? • Risks driving ‘difficulty’ (aka reverse stresses) are not the same as the catastrophic tail risks of capital • Limit frameworks and concentration risks will be different at different horizons • Limit frameworks should be clear on which limits are managing tail risk and which profit volatility • Risk appetite frameworks can leverage the model to identify risk drivers at the varying horizons and ensure suitable limits are in place, e.g. concentration risk within a card portfolio Drivers of losses are different
Embedding Risk Appetite Risk appetite should be set by the Board as part of the annual planning cycle Cascaded to business and regional units as part of their operational planning Risk appetite set at Group, Business Unit, Major-Product and Risk Class Periodic (monthly / quarterly) risk reporting should include MI which monitors risk exposures against limits Consistent process for treatment of breaches Board and senior management training, awareness and engagement Standing item on terms of reference of risk committees Continuous refinement and iteration Linkage between risk appetite limits and operational limits around risk drivers (such as products and asset allocations) Inclusion in performance management (role profiles and objectives)
Setting Risk Appetite Limits Limit setting should consider and involve: Risk Philosophy What-if Analysis Historical Analysis Loss horizons Hard and soft limits Treatment of breaches Top-down and bottom-up approaches – a range of operational limits will already be established Senior management, SME, risk and actuarial function input Iteration and refinement Illustration of risk appetite limits Risk appetite limit thresholds Current capital cover ratio Capital cover position Approaching thresholds Time
Conclusion Risk Appetite is not currently embedded within the life industry. Solvency II will act as a significant catalyst towards embedding Risk Appetite. Risk Appetite is not just about capital. To be meaningful, risk appetite will need to be sufficiently granular across a suite of metrics. To be effective, risk appetite will need to be embedded in the day-to-day management of the business. Timely management information and forward-looking KPIs will be critical to successful implementation.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/cz/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. This document is confidential and prepared solely for your information. Therefore you should not, without our prior written consent, refer to or use our name or this document for any other purpose, disclose them or refer to them in any prospectus or other document, or make them available or communicate them to any other party. No other party is entitled to rely on our document for any purpose whatsoever and thus we accept no liability to any other party who is shown or gains access to this document.