ERM Theory and Practice
Stephen P. D’Arcy, University of Illinois
Concurrent Session ERM 2, CAS Spring Meeting, May 2006
ERM Theory ERM Practice Current Situation
ERM Theory
• ERM considers all risks an organization can or does face holistically
• Organizations have a well defined risk appetite
• All participants have a common language for, and understanding of, risk
• Risk is fully quantified
• Risk management is applied consistently within the organization
• ERM adds value to the organization
ERM Theory – Risk Aggregation
Aggregate Risk Management
• Strategic Risk
    • Regulation
    • Reputation
    • Competition
• Hazard Risk
    • Hurricanes
    • Lawsuits
    • Injuries
• Financial Risk
    • Credit Risk
    • Market Risk
    • Interest Rates
• Operational Risk
    • Internal Fraud
    • Recalls
ERM Theory – Risk Appetite
• Limits for adverse event
    • Severity
    • Frequency
• Same values used for all risks
• Examples
    • 99.97% chance of remaining solvent
    • 95% chance of retaining AA rating or higher
    • 0.1% chance of losses exceeding $1 billion
    • Need 25% return (or $250 million) to increase 0.1% loss probability from $1 billion to $1.1 billion
ERM Theory – Quantification
• Firm has a set aggregate risk tolerance
• Entire distribution of outcomes is known
• Correlations between risk factors specified
    • Constant
    • Tail
• Need for a CAPM approach to risk
    • 250 risk factors → 31,125 correlations
    • Covariance with market risk → 250 correlations
ERM Theory – Consistent Application
• Concentration of homeowners policies accepted up to point the overall risk to firm reaches risk tolerance level
• Reinsurance retention selected based on risk tolerance level
• Investment portfolio asset allocation determined based on risk tolerance level
• Chance of IT system failure in line with risk tolerance level
ERM Theory – Value Added
• Policyholders pay risk premium on auto insurance
• Aggregate loss variation of auto insurer
    • Directly related to loss frequency
• Oil prices impact driving patterns
    • Inversely related to auto loss frequency
• Auto insurer can reduce aggregate risk by assuming oil price risk
• Insurer will be paid to accept oil price risk
• Combining risk adds value to insurer
ERM Practice
• ERM coordinates hazard and financial risk
• Organizations can verbalize risk appetite (remote chance of insolvency) but not quantify it
• Participants have different languages for risk, but might understand some of the other participants’ terminology
• Only hazard and financial risk is quantified
• ERM is used primarily to monitor risk exposure
ERM Practice – Coordination
• Asset-Liability Management (ALM)
    • Duration matching
• Combining hazard and financial risk
    • WC and foreign exchange risk
    • Longevity risk and interest rate risk
ERM Practice – Risk Appetite
• Common level of risk of insolvency: 0.03%
    • Based on old study of AA bond defaults
    • One year happened to be this level
    • Does not reflect chance of downgrade, then defaulting
ERM Practice – Risk Languages
“gerencia de riesgo”
“risk management”
“amministrazione di rischio”
“リスク管理”
“风险管理”
“διαχείριση Κινδύνου”
“Risikomanagement”
“위험 관리”
“управления при допущении риска”
“gestion des risques”
ERM Practice – Risk Languages
• Hazard risk language has developed over last four centuries
    • Frequency, severity, retentions
    • Probable Maximum Loss (PML)
    • Maximum Possible Loss (MPL)
• Financial risk language developed over last four decades
    • Duration and convexity
    • Derivatives – forwards, futures, options, swaps
    • Value-at-Risk (VaR), Tail VaR
• New ERM language being created now
ERM Practice – Quantification
• Hazard risk can be quantified well
    • Loss distributions – empirical and theoretical
    • Cat risk modeling
• Financial risk is also quantified
    • VaR – historical or analytical
    • Term structure models
    • Option pricing models
    • Delta hedging
    • Volatility smiles
• Operational risk measurement minimal
    • “Still in its infancy” or “Pre-infancy stage”
ERM Practice – Risk Monitoring
• Sarbanes-Oxley Act of 2002
• COSO – checklist of risks
• Basel II – risk treatment
• Rating agencies
• Organizational structure
• Use of models
What’s Needed for ERM to Grow
• Quantify Operational Risk
• Integrate Risk Effectively
• Develop Reliable Risk Metrics
• Communicate Risk to Decision Makers
• Weed out Ineffective Risk Managers
    • Positive impact of disasters
    • Survival of the fittest