Download Adopting Enterprise Risk Management (ERM) in high

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
Document related concepts

Financialization wikipedia , lookup

Beta (finance) wikipedia , lookup

Business valuation wikipedia , lookup

Securitization wikipedia , lookup

Investment fund wikipedia , lookup

Investment management wikipedia , lookup

Financial economics wikipedia , lookup

Actuary wikipedia , lookup

Moral hazard wikipedia , lookup

Risk wikipedia , lookup

Systemic risk wikipedia , lookup

Transcript 
PERSPECTIVES
SUMMER 2015
RISK MANAGEMEN
ANAGEMENT RISK
MENT RISK MANAG
ISK MANAGEMENT
NAGEMENT RISK M
RISK MANAGEMEN
ANAGEMENT RISK
MENT RISK MANAG
ISK MANAGEMENT
NAGEMENT RISK M
RISK MANAGEMEN
ANAGEMENT RISK
ADOPTING ENTERPRISE
RISK MANAGEMENT (ERM)
IN HIGH-GROWTH INSURANCE MARKETS
THE TRUST RE EXPERIENCE
Adopting Enterprise Risk Management (ERM)
in High-Growth Insurance Markets
The Trust Re experience
Summer 2015
Contents:
1. Preface by the Chief Executive Officer..........................................................6
2. The growing global importance of ERM.......................................................8
3. ERM in high-growth insurance markets......................................................11
4. The Trust Re example..................................................................................13
5. Conclusions.................................................................................................28
TRUST RE PERSPECTIVES
1.
Preface by the Chief Executive Officer
Risk management lies at the core of every (re)insurer’s value proposition. Rooted in and thoroughly
familiar with high-growth environments, Trust Re considers itself a forerunner in advancing metric-based
risk management as a means to make value-accretive decisions in less mature insurance markets. For
us, Enterprise Risk Management (ERM) is about guiding our business in choosing risks wisely to create
value and build customer trust. The respective framework is embedded in decision-making throughout
the organisation. It is instrumental in steering the Company.
In emerging markets ERM is still often perceived as an onerous regulatory burden and a mere compliance
requirement. The strategic opportunities and benefits arising from ERM are frequently ignored. This
publication is meant to address this deficiency.
Based on our proprietary processes which are aligned with the specific requirements of a high-growth
market environment, we would like to make the strategic case for ERM, with a particular emphasis on
those elements which do not necessitate major financial investments.
As risks become transparent, measurable and manageable, Trust Re’s performance profits from lower
volatility and a greater resilience. At the same time, policyholders are set to benefit from more adequate,
risk-based pricing and a lower counterparty risk, while rating agencies and regulators feel more comfortable
with the Company’s security. We are convinced that our ERM system provides us with a distinct competitive
advantage and would like to encourage our customers to also embrace the opportunities of ERM – for their
own and the entire market’s benefit. In insurance and reinsurance, we deal with people’s fear and risks; as
such we firmly believe that ERM should be a continuous responsibility for generations to come.
Trust Re’s application of ERM also demonstrates that a proper implementation of effective ERM is not
at all a matter of an insurer’s size or resources. Rather, what counts is the overall mind-set and a firm’s
ability to tailor ERM to specific organisational, business and market needs. With strong leadership and
endorsement from the Board, and managed by an empowered risk management function, Trust Re has
established a comprehensive risk culture which assures awareness of risk and accountability throughout
the organisation.
All risks Trust Re is facing – be they market, insurance, operational or credit risks – are consistently
defined, measured, registered, monitored, reported and mitigated. The Company’s risk appetite and
control mechanisms, which duly reflect Trust Re’s risk profile and risk tolerance, are regularly reviewed
and approved through a tight network of systems and processes, which include the forward looking view
of Trust Re’s Own Risk and Solvency Assessment (ORSA), scenario and stress testing as well as internal,
regulatory and rating agency capital models.
06
TRUST RE PERSPECTIVES
Ultimately, Trust Re’s ERM process enables us to write business which maximises our risk-adjusted
profitability. Through this publication we seek to encourage and support our clients and other stakeholders
to capture this potential.
Fadi AbuNahl
CEO
Trust Re
07
TRUST RE PERSPECTIVES
2.
The growing global importance of ERM
What is ERM?
Enterprise Risk Management (ERM) is about holistically and consistently identifying, managing and
reporting current and future risks across the enterprise, measuring their financial impact and controlling
the performance of corporate and business strategy.
What is behind the rise of ERM?
In the insurance sector, ERM started rising to prominence from the beginning of this century. The
confluence of the 9/11 terrorist attacks and the almost simultaneous global stock market downturn
caused the bursting of the dotcom bubble, and thus fuelled concerns about cumulating consequences of
low probability events. For the first time, many insurers were simultaneously hit on the asset and liability
side of their balance sheets. And regulators, also for the first time, started musing about systemic risk in
the global insurance and reinsurance sector. It was only logical for them to call for higher capital and risk
management requirements in insurance.
In addition, also outside of the insurance industry, interest in a proper enterprise risk management was
fuelled by the view that almost all risk events impacting corporations could have been predicted, prepared
for and subsequently better managed, possibly even avoided. The collapse of the US Corporation Enron in
2001 stands out as the example for a disaster that triggered heightened demand for an improvement in
risk management and its standards.
Towards risk-based and economic regulatory frameworks
In light of the resilient and robust US Risk-Based Capital (RBC) system, introduced as early as 1994, some
countries embarked on a risk-orientated approach to insurance regulation, including Canada, Australia,
the UK and Switzerland. In 2003, the European Union launched the Solvency II project, following the
principles of Basel II with its three-pillar approach to banking regulation. Solvency II is more ambitious
than RBC though: It relies on market-consistent valued assets and liabilities, whereas RBC is based on US
statutory accounting rules, and thus does not fully reflect the true economic reality of a company’s balance
sheet. It is widely believed that solvency regimes based on economic principles and an all-risk approach
point the global way forward for insurance and reinsurance regulatory regimes.
Pillar 1 of Solvency II focuses on the calculation of the insurer’s Solvency Capital Requirement (SCR),
using a risk-based internal model and/or a standard formula. Pillar 2 is particularly relevant to ERM: It
addresses internal control, risk management, governance, compliance and reporting systems. Regulated
entities will have to put up appropriate risk management frameworks which need to be transparent,
well-documented and embedded in all major business processes. Pillar 3 is about transparency and
08
TRUST RE PERSPECTIVES
stipulates specific obligations regarding the level of information for and communication with regulators
and market participants. Ultimately, disclosure requirements are expected to enhance market discipline
and to promote the protection of policyholders and overall financial stability.
Figure 1: Solvency II as a catalyst for ERM
The three pillars of Solvency II
Capital, governance and disclosure
PILLAR 1
PILLAR 2
PILLAR 3
•
Capital requirements reflect
economic balance sheet view and
comprehensive risk consideration
•
Group supervision by a College of
Supervisors
•
Improved risk disclosure to the
public and confidential disclosure
to supervisory authorities
•
•
Solvency capital requirements to
absorb a 1 in 200 year event
•
Disclosure to include risk profile
and risk management standards
•
Capital can be determined based
on a standard formula or an
internal model
Own Risk and Solvency
Assessment (ORSA) covering
- Risk identification
- Risk measurement
- Risk management
- Risk monitoring
Quantitative requirements
Supervision and risk governance
Reporting and disclosure
Source: Adapted from the European Commission
© Dr. Schanz, Alms & Company
Rating agencies embrace ERM as a key determinant of rating decisions
In addition to regulators, rating agencies quickly grasped the relevance of ERM. For example, Standard &
Poor’s introduced ERM as a critical component of its rating methodology in 2005. Concepts such as ‘risk
appetite’, ‘risk tolerance’, ‘diversification’, the evaluation of extreme scenarios and the anticipation of
emerging risks now play a major role in rating decisions.
Key risk categories of a modern ERM system
The main risk categories covered by ERM are market risk, insurance risk, credit risk, business strategy risk and
operational risk. In order to measure and control them, an appropriate ERM programme will use an internal model
based on a holistic approach, the modelling of dependencies and the measurement of diversification effects. Other
key elements of a modern ERM framework include an internal control system to manage operational and reserving
risks, an emerging risk framework and a reinsurance/retrocession programme to limit corporate risk.
Competitive advantages through ERM
Enterprise Risk Management goes far beyond meeting the expectations of key stakeholders such as
regulators and rating agencies. As opposed to traditional risk management, it ultimately confers a distinct
competitive advantage to insurers practising it. A company that knows how to manage and measure
09
TRUST RE PERSPECTIVES
its risks consistently can choose the risks with the highest risk-adjusted returns. Therefore, ERM is a
prerequisite to return optimisation.
ERM needs to be tailored to specific corporate needs
Of course, ERM does not lend itself to a ‘one size fits all’ approach. A global multi-line insurer needs a
much more sophisticated ERM programme than a niche player who only operates in one line of business
and one country. Also, there is a direct link between risk management and capitalisation. A company that
carries significant excess of capital can withstand losses that are outside its risk tolerance, as opposed
to a company that runs on a very tight level of capital. The latter will need to make sure that the losses
stay within its tolerance. In this way the importance of ERM is linked to the level of capital adequacy or
excess capital.
Stakeholder benefits
ERM in combination with economic value-based performance measurement and business planning
is likely to provide policyholders with more transparency and improved risk-adjusted prices. Investors,
too, are set to benefit, e.g. from enhanced disclosure and ‘better run’ insurance companies embracing
economic principles. And even society at large stands to benefit as insurance companies grow more robust
and become (even) less likely to default at the expense of taxpayers.
Figure 2: How ERM benefits key stakeholders
Stakeholder group
Expected benefits
Customers
-
More transparency
-
More risk-adequate prices
-
Lower counterparty risks
-
Much improved disclosure
-
Better run insurance companies
-
Less volatile returns
-
More robust insurance companies (lower probability of default and threats
to financial stability)
Investors
Society at large
10
TRUST RE PERSPECTIVES
3.
ERM in high-growth insurance markets
The concept of ERM still faces many obstacles in emerging (insurance) markets and needs to be carefully
adapted to local needs and peculiarities. However, there are powerful forces at work which are set to
pave the way for ERM in high-growth environments as well.
Figure 3: High-growth market dynamics favour ERM
Less
abundant
capital
Improved
data quality
Stricter
governance
More
experienced
talent
Tighter
regulations
Greater risk
awareness
First, capital: Domestic insurers in emerging markets (e.g. the Middle East) are traditionally
comfortably capitalised and, more often than not, overcapitalised. One of the reasons behind
excess capital positions is a heavy reliance on reinsurance. However, as awareness of market
risk (e.g. stock market volatility) grows and retention levels increase insurers need to fund rapid
business growth.
Second, data: Availability and quality of relevant data is still notoriously deficient in most high-growth
markets. However, here as well, things are improving. One example is catastrophe models which
increasingly cover emerging market exposures.
Third, talent: Data needs to be processed and models need to be calibrated. Local talent is still
in short supply. Experienced expatriate staff is filling the gap, increasingly also in countries such
as China.
11
TRUST RE PERSPECTIVES
Fourth, culture: As reliable data is still hard to come by, intuition and experience matter more than
anything else in many emerging markets. In such an environment, it is difficult to establish (quantitative)
ERM systems. However, a younger generation of leaders that is adopting a different perspective on
analytics is slowly emerging.
Fifth, compliance and governance: Shortcomings still abound as respective legal and regulatory
requirements are missing or lack teeth and bite. In addition, linear (rather than matrix) reporting lines are
most common in emerging markets, making the business side usually prevail over the risk management
function. However, the accelerating integration of emerging markets in the global economy is gradually
translating into more robust governance and compliance frameworks.
Sixth, regulations: The adoption of RBC-type regimes in emerging insurance markets is in full swing, such
as in China, Thailand and Mexico. Regulators increasingly look at Solvency II as the ultimate role model
and consider RBC a logical (but intermediate) step between current static (premium-based) solvency
regimes and the fully risk-based and economic framework of Solvency II. Therefore, longer-term, ERM is
set to receive a powerful boost from regulatory requirements modeled along the Pillar II requirements of
Solvency II.
12
TRUST RE PERSPECTIVES
4. Implementing ERM
Trust Re example
in
high-growth
insurance
markets
–
The
For Trust Re, the main objectives of ERM can be defined as measuring, understanding and controlling risk
as a prerequisite to identifying profitable business opportunities. As such, it is the basis of a comprehensive
risk-based decision-making process which affects all aspects of the value chain, such as underwriting risks
whose performance is measured through RAROC (Risk-Adjusted Return on Capital).
Ultimately, ERM allows Trust Re to adopt a pragmatic and balanced approach to risk as illustrated by Figure 4.
Figure 4: A pragmatic and balanced approach to risk
A pragmatic, balanced approach
High
Managing
risk to add
value
Return
Exposed
and
destroying
value
Control to
minimise
risk
Value
Low
Ignorant
“Brakes off - out of
control”
Managing
Obsessed
Approach to risk
“Brakes on - going
nowhere”
Source: Trust Re
The Company believes in strong risk governance, with every employee being risk-aware, as described in
more detail in 4.1. For this reason, Trust Re attaches utmost importance to very clear statements of risk
appetite and corresponding measures of risk tolerance, based on an economic capital framework and
risk-adjusted measures designed to manage the business.
The first step to implementing the Company’s ERM framework was the thorough identification of risk
drivers. It was accelerated by the use of vendor models and a consistent linkage of all key business
processes to a risk-based capital model.
The following section provides an overview of Trust Re’s ERM framework and its evolvement. It sheds
light on the Company’s risk management culture, risk control processes, risk and economic capital models
and strategic risk management.
13
TRUST RE PERSPECTIVES
4.1. Risk management culture
At Trust Re, we expect every employee to think about the risks for the Company that may arise from his or
her actions, be it in operations, pricing, reserving, underwriting or investing. The concept of risk should be
universally conveyed and embraced across the firm. At Trust Re, the Risk Register Review process and the
Risk Management Liaison Structure are instrumental in embedding an effective risk management culture
across the organisation (see the ‘risk control’ section below for further details).
A crucial tool for achieving these objectives is an appropriate governance structure with a separate risk
management function. The overall oversight of the risk management activities is performed by the Board
of Directors. The Board needs to approve and regularly review the Company’s strategic management
of risk and capital. In addition, it ratifies risk definitions, risk profiles (i.e. broad parameters such as the
Company’s lines of business and geographical markets) and risk appetite (i.e. the level of uncertainty
which Trust Re is willing to accept in light of the risk reward trade-off and risk mitigation costs). The body
is also responsible for ensuring that the implemented risk management framework is suitable, effective
and proportionate to the nature, scale and complexity of the risks inherent in the business.
14
TRUST RE PERSPECTIVES
Figure 5: Trust Re Organisational chart
Trust Re Bahrain
Organisational Chart 2015
Board of Directors
Executive Council
- CEO
- Deputy CEO
- Planning & Business
Development Officer
- Corporate Services Officer
- Chief Operating Officer
Board Oversight Committees
Risk Committee
Executive Council
Nomination &
Remuneration
Committee
Audit Committee
Investment
Committee
CEO
Internal Audit
Deputy CEO
Planning & Business
Development Officer
Relationship
Reports to or direct
relationship
Administratively
reports to
Chief
Operating Officer
FAIR Oil & Energy
Insurance Syndicate
Managing Director
Corporate Services
Officer
Actuarial and Risk
Treaty Underwriting
Compliance & MLRO
Planning and
Performance
Retrocession
Finance
Information
Technology
Facultative
Underwriting
Asset Management
Corporate
Communication
Claims
Technical Accounts
Labuan Branch
Human Resources
Cyprus Branch
Administration
& Property
Texas Int’l
Underwriters
Legal Advisor
Life & Health
15
TRUST RE PERSPECTIVES
The Board of Directors has a Risk Committee. Its meetings are attended and prepared by Trust Re’s Head
of Actuarial and Risk Management who has a reporting line to the Committee and, as a recurring agenda
item, prepares a one-page report on the risk landscape of the Company, in addition to more in-depth
special reports. These reports outline required management responses and, therefore, have a clear link
to decision-making.
This organisational approach ensures that risk communication plays a vital role as part of risk governance.
There is an institutionalised flow of communication between Trust Re’s Head of Risk Management,
Executive Management and the Board which is ultimately responsible for determining the Company’s
risk appetite and supervising its risk management processes. Especially in the context of high-growth
insurance markets, it is absolutely crucial that risk oversight and P&L responsibilities are strictly separated.
The Board’s risk appetite statement is designed to create long-term shareholder value whilst protecting
Trust Re’s franchise value and preserving its balance sheet strength measured by economic capital and
liquidity. This is achieved through prudent risk management by actively mitigating or avoiding risks that
fall short of Trust Re’s risk/return requirements. Additionally the Board will not tolerate any business or
behaviour that does not reconcile with the Group’s values.
The risk appetite statement provides management with a comprehensive starting point and building
block for Trust Re’s overall approach to risk management. Its intention is to help express the maximum
level of risk Trust Re is prepared to accept in order to deliver its business objectives as articulated in the
business plan. In addition, the risk appetite statement guides specific management actions: “For the
purposes of risk appetite the indicated statements and Board level tolerances provide the risk limit (i.e.
absolute maximum level of exposure that is acceptable for a particular risk) which has then been broken
down into various thresholds (a level of exposure which, with appropriate approvals, can be exceeded,
but which, when exceeded, will trigger some form of response) that are monitored by the Risk Control
Reports. The policy will provide a summary of the limits and thresholds given the approved Risk Appetite
Risk Areas.” (quoted from Trust Re’s most recent Risk Management Policy).
Exposure against the risk limits are monitored on an ongoing basis and breaches are escalated and
appropriate actions are taken to reduce risk levels or re-evaluate the appropriateness of risk appetite
limits.
16
TRUST RE PERSPECTIVES
Figure 6: Risk appetite monitoring at Trust Re
Strategic Plan
Establish risk appetite and tolerance
Establish appropriate risk limits
Measure exposures and compare to limits
Report and react to breaches, take
appropriate action and re-evaluate
risk appetite
Trust Re places much emphasis on employee communication in order to foster an internal risk management
culture. Examples include staff training and awareness campaigns conducted by the Risk Management
Department as well as a regular ERM newsletter.
4.2. Risk identification and control processes
Trust Re has to be able to identify and measure all of its main risks. The balance sheet does not give any
meaningful information about risk; it is just a measure of exposure. Every well-run insurer and reinsurer
needs to be able to monitor risk and to keep loss potentials within the company’s risk tolerance. For that
purpose, risk owners need to be defined and risk control measures established.
The basis is environmental scanning in order to detect signals of any potential upcoming risk. This effort
also includes emerging and political risks which are identified separately, assessed and reported. Also,
specific stress tests and scenarios are being examined as part of the ORSA process and political risk is a
special and separate subject at each Board Risk Committee meeting.
Digression: Stress testing and scenario generation at Trust Re
Stress testing refers to shifting the value of individual parameters that affect the financial position of an
organisation and determining the effect on the business (for example, a doubling of staff turnover in a
key, high dependence business function).
Stress and scenario tests enable the Company to gain a better understanding of the significant risks it
can potentially face under extreme conditions and provides important input to determine the related
regulatory and economic capital requirements.
17
TRUST RE PERSPECTIVES
Scenario testing applies to a wider range of parameters that vary at the same time. This analysis often
examines the impact of catastrophic events on the Company’s financial position and/or operational
position (for example, a terrorist attack near the Company’s office), but could also include changes to
business plans, shock changes in business cycles and reputational damage from, for example, large scale
fraudulent financial reporting or fraud.
Stress and scenario testing is important as it helps to evaluate the financial and non-financial impact of
extreme, unexpected but plausible, large loss events, to determine the overall risk profile and to set the
risk appetite of the Company, given the capacity to bear or risk to be taken on.
The outcome of stress tests and scenario analyses are taken into account by the senior management
and Board of Directors when developing the Company’s long- and short-term business strategy,
capital management plan and risk tolerance.
This course of action includes the exploration of alternatives in order to ensure that solvency needs are
met even under unexpectedly adverse circumstances.
Figure 7: Scenario generation at Trust Re
Identify concerns
Identify potential events
Select the concerns that could lead
to large losses and/or reputational
damage
Potential
events
Concerns
Scenario
generation
Could different concerns lead to loss
events with greater financial cost and
other, e.g. reputational impacts?
Given the key concerns, what event
would result in a serious financial
and/or reputational impact?
Potential severe
financial and non
financial impacts
As far as political risk is concerned, Trust Re performs an assessment for each region of strategic relevance
to the Company, i.e. the Middle East, Sub-Saharan Africa, Asia, Eastern Europe and the CIS Countries.
The assessment is made on the basis of a weighted index of the following factors: Regime stability, risk
of expropriation, rule of law, business environment, corruption, macroeconomic environment, conflict
and terrorism. The analysis aims to establish the implications of political and terrorism risk on Trust Re
employees, physical assets, products, services, customers and reputation (Trust Re is in the process of
developing comprehensive risk management practices specifically for reputational risk).
18
TRUST RE PERSPECTIVES
Trust Re also places significant emphasis on emerging risks. As a multi-line, multi-location reinsurer,
the Company is exposed to such risks which often go unnoticed for a long time. These can be internal
risks, i.e. those which arise from sources within the Company and can be associated with its mission,
philosophy, strategy, products, portfolios and operations. In addition, there are external risks from the
political, economic, social, technological, legal or physical environments the Company operates in.
Trust Re is also systematically monitoring external loss events, i.e. losses experienced by third-party organisations.
External loss data can help the Company understand the types of potential losses it could face in the future.
But Trust Re does not stop at the identification of risks. Once a risk is identified, the Company tries to establish its
probable impact on the balance sheet and liquidity position should the risk materialise, also under stress scenarios.
Against this backdrop, control processes covering all of Trust Re’s risks have been established: Financial
risks such as credit and market risk, insurance risk and operational risk. Importantly, risk is not only
considered a numerical concept but extends to everything the Company actually does.
The Risk Register Review (RRR) process is one of the key elements of Trust Re’s risk identification
and assessment processes. This process has recently been enhanced with the introduction of named
responsibility and ownership of risks. It is structured as follows:
·
The Risk Owners for each of the Company’s 22 business units conduct regular reviews of their
departmental risks and draft an initial list of the identified risks in the Risk Definition Template.
These risks are then discussed with Trust Re’s Actuarial & Risk Management Department (A&R)
for their review and comments.
·
The Risk Owners, advised by A&R, describe their control measures for each of the risks identified.
The discussions also focus on proposed/enacted improvement actions for each risk listed in the
department’s Risk Definition Templates.
·
A&R will regularly (at least quarterly) survey/review the risks identified by the risk owners for
each business unit using risk registers to keep track of each risk’s state.
·
Regular risk assessments are carried out by A&R taking multiple factors into account, including
both external and internal risk factors. Risks are also challenged based on their overall score and
impact on the Company as a whole.
The RRR process also identifies operational risks and leads to respective capital requirements and tolerance limits.
19
TRUST RE PERSPECTIVES
At Trust Re, the RRR process is part of the Risk Management Liaison (RML) programme. The RML
structure consists of the Risk Owner, Risk Management Liaisons (RML) and Key Risk Indicator (KRI)
Reporters for each of the 22 business units of the Company. The risk owner is responsible for identifying
relevant risks and providing updated information via the Risk Reports (e.g. Risk Registers). The Risk
Management Liaisons are in charge of assisting the Risk Owners in identifying the relevant risks. They are
also responsible for updating the Risk Register for review by the Head of Department. In addition, they
prepare any additional risk reports for review. The RML also assist in the “roll out” of current and future
ERM initiatives and projects. The Key Risk Indicator Reporter assists the RML in the risk identification
process, updating the Risk Register for senior management review and completing the risk reports.
The RML programme is instrumental in ensuring Trust Re’s preparedness for the next unexpected risk,
something that does not yet exist on the balance sheet, but may materialise at any time. The spectrum is
broad, ranging from liability risks in litigious environments to terrorism and political risk.
Figure 8: Trust Re’s Risk Register process
Risk Register Review
Identify
operational risk
Assess risk impact
Operations
Actuarial and
Risk Department
Risk Owners
Business
Unit 1
• Identify risks
Business
Unit 2
Business
Unit 3
Business
Unit 4
Business
Unit 5
Business
Unit 6
• Enter the risk into
the risk register
Define risk
ownership
• Survey and review
risks identified
Report
• Review their
progress
• Assess risks under
external and internal
• Describe controls
• Enact mitigation or
improvement actions
• Track their
development
Counsel
influence
• Determine overall
score and impact of
risks on total
company
contribute to determining capital requirements
and tolerance limits
20
TRUST RE PERSPECTIVES
Figure 9: Trust Re’s Risk Management Liaison Programme
Risk Management Liaison
Early warning and identification process
Operations
Identify
and register
Business
Unit 1
ist
reg
fy
n ti
de
oi
tt
sis
As
Risk
Register
ate
pd
ou
Business
Unit 3
t
ort
pp
Su
Business
Unit 2
Risk
Owner
Business
Unit 5
Business
Unit 6
er
Business
Unit 4
Risk
Management
Liaison
Key Risk
Indicator
Reporter
Assist in the process
Roll out
ERM initiative
Report to
Exec. Mgmt.
One of the key components of Trust Re’s risk control environment is the ‘Own Risk and Solvency
Assessment’ (ORSA). The Company’s strong proprietary analytical skills allow Trust Re to perform an
ORSA, a core element of future regulatory environments, not just under the upcoming Solvency II regime
in the European Union but also in the United States and other parts of the world. Under the ORSA,
Trust Re develops its own view of today’s and future risks facing the Company and the capital required
to underpin those risks. For Trust Re, the ORSA is not a document prepared for regulatory compliance
only. More importantly, it is a key reporting element underlying the Company’s internal decision-making
processes, establishing a link between risk management, capital management and strategic planning.
Simply speaking, ORSA describes how risk is quantified and managed under stressed conditions. In
addition, Trust Re uses it to provide management and the Board with prospective solvency assessments
which feed into medium-term business planning and longer-term strategy development. As such, it is
an indispensable basis for the Board of Directors to take decisions on the Company’s future strategic
direction and to be actively involved in all relevant underlying processes.
More specifically, at Trust Re, the ORSA report consists of three modules: The first module offers an
overview of the Company’s business, organisational and market position with the aim to clarify the
nature of risks it is exposed to. This section also describes the risk identification and assessment process
and discusses the risk appetite over the planning horizon. The second part offers a forward-looking
assessment of Trust Re’s solvency position based on the status quo and its business plan for the next three
years. Scenario building and stress testing are also included so that the management is able to assess
21
TRUST RE PERSPECTIVES
the potential impact of adverse events on the Company’s solvency position and prepare appropriate
responses. The third part of the ORSA report tries to validate the processes and tools which are used to
assess Trust Re’s ability to react to adverse events. This validation is based on an assessment of ORSA
governance and embedded into the organis ation.
Figure 10: Trust Re’s ORSA process
ORSA: Present and future risk assessment
Strategic
planning
Module 1:
• Describe risk landscape
Risk Categories
• Identify and assess risk
Underwriting
risk
Module 2:
rfo
Risk
Capital
Pe
tal
api
rm
fC
an
ce
st o
Co
Investment
risk
Counter-party
credit risk
• Define risk appetite
Return
• Assess future solvency position
• Execute scenario building and
stress testing
Operational
risk
Market risk
• Validate processes and tools
• Assess ability to react to
adverse events
Solvency
Risk
Management
Module 3:
Capital
Management
The ORSA process encompasses all relevant risk categories such as underwriting risk (premium, reserving,
catastrophe, scenario-based accumulations), investment risk (credit risk, liquidity risk, volatility), counterparty credit risk (retrocessionnaires, banks) and operational risk.
As such, it is an important basis for determining Trust Re’s risk strategy and appetite. The latter is also
driven by S&P’s and AM Best’s AAA capital adequacy requirement on a 99.5% level.
Conceptually and organisationally, Trust Re’s risk control process is secured by three main lines of defence:
· The 1st line of defence relates to the management of risk at the points where they arise.
These activities are carried out by persons who take on risks on behalf of the Company. Risk
management at this level consists of appropriate checks and controls, incorporated in the
relevant procedures and the guidelines that are set by the Executive Council with the assistance
of the risk management function (RMF).
22
TRUST RE PERSPECTIVES
·
The 2nd line of defence consists of the risk management activities that are carried out by the
RMF and important support functions. Specifically, the RMF is responsible for the continuous
monitoring and compliance of its policies and procedures. It also refers to the risk management
activities performed by the Risk Committee and includes the approval and oversight of the
implementation of risk policies and the establishment of systems and controls so that the overall
level of risks and the relationship between risk and reward remain within acceptable levels.
·
The actuarial function, in its advisory capacity, provides technical expertise to both the 1st and
2nd line of defence.
·
The 3rd line of defence is the activities of Internal Audit that through its work provides an
independent assurance to the Board of Directors on the performance and effectiveness of Trust
Re’s risk management systems and processes. The unit conducts regular internal audits of the
procedures applied for managing all types of risks and their effectiveness; the results of these
audits are summarised in reports submitted to the Board, through the Audit Committee, and to
the Senior Management.
23
TRUST RE PERSPECTIVES
Figure 11: Trust Re’s three lines of defence framework
Trust Re Board of
Directors
CEO
Line 1: Management
Line 2: Control
Line 3: Assurance
Risk Committee
Board
Committees
Audit Committee
Nomination and
Remuneration
Committee
Executive
Management
EXCO
Underwriting
Actuarial & Risk
Internal Audit
Claims
Functions
/ Business
Units
Finance
Compliance
Legal
Operational Quality
Assurance
Other Support Functions
(HR, IT, etc.)
4.3. Risk and economic capital models
In the context of ERM, a variety of models is used, ranging from catastrophe and reserving models to
economic capital models. Most importantly, companies need to have a clear view on why they are using
which models, who manages them, which results are produced and how they benefit operations.
Trust Re’s risk evaluation usually follows the risk identification phase of the ERM cycle and involves a
wide range of methodologies and approaches. The Actuarial & Risk Management Department is taking
the lead in risk evaluation, examining the potential impact and likelihood of occurrence of risk outcomes.
In addition to risk assessment through the Risk Register Review process as described above, various risk
evaluation and quantification tools – all of them risk-based – have been developed, including:
24
·
Scenario and Stress Tests
·
Internal Risk Capital Models
TRUST RE PERSPECTIVES
·
Regulatory (Solvency II) and Rating Agency (AM Best and S&P) Capital Models and
·
Financial and Investment Models
Trust Re’s risk evaluation includes the quantification of both individual and aggregate risk positions using
various risk metrics and methodologies which recognise both current and potential internal activities and
risk positions as well as the external economic and market environment as far as possible. In order to
keep metrics and methodologies current, Trust Re performs this evaluation process quite frequently, and
at least quarterly.
Very importantly, Trust Re considers sophisticated risk evaluation tools as pivotal in business steering
and facilitation. For example, the Company’s internal economic capital model enables it to take better
capital allocation, pricing, product development and retrocession purchasing decisions. Its most obvious
use is the definition of Trust Re’s overall risk tolerance, including value at risk (VaR), tail value at risk
(TVaR), probable maximum loss (PML) and resulting risk limits. The economic capital model must take into
account the whole spectrum of risks facing the Company, allowing for the quantification of diversification
effects and dependencies.
In Trust Re’s view, the setting of corporate risk tolerance is a process which starts with a statement of
risk appetite such as “We want to maintain a single A financial strength rating” or “We want to have a
certain excess of capital compared to our economic capital and/or rating agency or Solvency II measures”.
This qualitative definition of risk appetite is then translated into a quantitative statement of risk appetite,
known as risk tolerance which, in turn, is the basis of a company’s risk limits.
4.4. Strategic risk management
Strategic risk management is arguably the most relevant benefit of ERM. It comes with a company’s
ability to measure all risks with a unique and consistent measure, establish a risk-adjusted measure
of profitability, and then to benchmark every action or every risk against this measure of profitability
or measure of risk. Ultimately, based on its economic capital model, the company can choose, for
a given level of risk, the most profitable business or the risk implications for its target level of
profitability.
In order to ensure an appropriate risk-reward balance in all of its risk taking activities, Trust Re has
established a robust Enterprise Risk Management (ERM) framework which is embedded throughout
the business. This framework covers various areas including the risk management structure, risk
governance, risk identification, risk-based capital requirements and risk controls capabilities within
the Company’s risk appetite. Trust Re’s ERM framework is also a key component of its decision-
25
TRUST RE PERSPECTIVES
making processes. Strategic planning, pricing, asset allocation, reinsurance strategy and capital
budgeting for instance all have to undergo a thorough risk-reward analysis to determine their
impact on the Company’s risk-adjusted return.
4.5 Guiding principles
Trust Re ERM framework is based on the following principles:
1. Controlled risk-taking
A wise and prudent approach to choosing risks which create value and build customers’ trust are central
to Trust Re’s value proposition. As such, the Company has implemented a clearly defined risk control
framework which ensures adherence to its risk appetite and risk tolerance limits.
2. Effective strategic risk management
The consistent execution of a rigorous risk-rewards analysis is an integral part of Trust Re’s decision
making process. The Company’s risk function is therefore mandated by the Board of Directors to ensure
the effective integration of risk models into the organisation’s strategic and day-to-day decision-making
processes.
3. Clear accountability and responsibility
Trust Re operates on the basis of delegated and clearly defined authority levels. All individuals are
accountable for the risks they identify and/or assume. These are aligned with the Company’s overarching
objectives and embedded in the risk management process.
4. Protection of the balance sheet from shock events
The risk management function monitors the Company’s risk-taking activities, including new and emerging
risks. The risk evaluation process also includes the understanding and analysis of the financial impact and
business implications of infrequent large events.
5. Independent risk-based audit
An independent risk-based internal audit is performed at all levels and across all operational functions
of the Company. It covers all risks and internal controls identified in the Risk Register process as well as
additional testing so as to ensure the adequacy of internal controls.
An important aspect of Trust Re’s strategic risk management is risk mitigation through reinsurance and
other means. The Company’s risk mitigation strategy is very closely aligned with its risk appetite, risk
tolerance and risk limits. Furthermore, it involves the identification, quantification and implementation
of specific processes, strategies and/or solutions to eliminate, reduce or transfer risk. Examples of risk
26
TRUST RE PERSPECTIVES
mitigation strategies include reinsurance, hedging, loss control measures, changes in governance or
control processes, adjustments in the portfolio mix, distribution strategies, targeting or exiting specific
markets and product lines or reducing coverage.
Figure 12: Trust Re’s integrated risk management framework
om
on
Ec
Monitoring
Results
Performance
Results
Identification
Insurance Risk
Operational Risk
Strategic Risk
Market Risk
g
tin ies
Ra nc
e
Ag
y
Marketplace
Evaluation
RISK
CORE
Exposure Analysis
ORSA
Capital Modeling
Risk/Reward
to
la
gu
Re
al
rn
te t
Ex udi
A
rs
Strategy
Risk Appetite
Risk Limits
Risk Mitigation
Business Plan
Risk Capital
Investment
Community
Figure 12 illustrates Trust Re’s overall approach to risk management. The risk management cycle starts with
the identification of the Company’s core risks in insurance, operations, strategy execution and the financial
markets. Upon identification, these risks are evaluated by means of exposure and risk/reward analysis, capital
modelling and the ORSA process. The findings from the evaluation phase translate into strategic decisions such
as the definition of the risk appetite and risk limits, the adoption and optimisation of risk mitigation, investment
and underwriting strategies as well as the development of medium-term business plans and long-term strategic
maps. The final phase is dedicated to monitoring the results of identified, evaluated and strategised risk.
The Risk Management Department leads this process and all other corporate units are obliged to cooperate
with it. For example, the Department’s catastrophe limits are binding. Similarly, pricing needs to be based
on actuarial models, with deviations clearly defined. Risk management is also in charge of reserving. Any
developments are reported back to the underwriting units. Risk-adjusted performance measurement is a
further key role of Trust Re’s risk management function. It is based on capital allocation as determined by
the Company’s economic capital model.
27
TRUST RE PERSPECTIVES
5.Conclusions
ERM is rapidly gaining relevance in high-growth insurance markets. Insurers’ retention levels
increase, the availability and quality of relevant data is improving, a new generation of leaders
is understanding the value of analytics, expatriate talent effectively fills the gap created by the
shortage of local expertise, the integration of emerging markets is translating into more robust
governance and compliance frameworks, and an increasing number of markets are adopting riskbased solvency regimes.
Against the backdrop of these dynamics, Trust Re considers itself a forerunner in advancing metricbased risk management as a means for choosing risks wisely to create shareholder value and build
customer trust. In order to be effective, the respective framework must be embedded in decisionmaking throughout the organisation, making it an instrumental tool for steering the Company.
Only then can ERM help reduce the volatility and strengthen the resilience of corporate earnings.
This publication demonstrates that the strategic case for and the proper implementation of ERM does
not depend on ‘deep corporate pockets’. What counts most is the overall mind-set as epitomised by
the risk management culture and a firm’s ability to tailor ERM to specific organisational, business
and market needs.
With strong leadership and endorsement from the Board and managed by an empowered risk
management function, any aspiring emerging markets insurer can reap the benefits of ERM. On
this foundation, lean risk control and identification processes (such as a Risk Register Review),
risk capital models (leveraging the rating agencies’ approach, for example) and strategic risk
management frameworks can be established.
In today’s competitive environment, ERM is very likely to develop into a prerequisite for long-term
success, based on the ability to maximise risk-adjusted profitability.
This is particularly true for domestic insurers operating in high-growth markets as they face
challenges such as risk-based solvency requirements, spiralling levels of exposure, a lack of reliable
data and increased pressure from foreign competitors.
Therefore, Trust Re pursues a proactive approach to ERM. It is a prerequisite for steering the
Company by transparent criteria and, ultimately, building a competitive edge. As such, it is
characterised by a regular and systematic involvement of the Board of Directors. This involvement
is vital for harnessing ERM in order to balance the generation of growth and profitability on the
28
TRUST RE PERSPECTIVES
one hand and the detection and mitigation of risks, and those of an emerging nature in particular,
on the other. For both areas, the corporate sponsors of ERM need to provide evidence as to their
added value and communicate it effectively to all relevant internal and external stakeholders.
29
Copyright © 2015 Trust Re. All rights including the Author’s rights are reserved to Trust Re.
Title: Adopting Enterprise Risk Management (ERM) in High-Growth Insurance Markets: The Trust Re experience
Author: Marios Argyrou, Head of Actuarial and Risk Management Department, Trust Re, in conjunction with
Dr. Schanz, Alms & Company AG
www.trustre.com
ISK MANAGEMENT
NAGEMENT RISK M
ENT RISK MANAGEM
K MANAGEMENT R
AGEMENT RISK MAN
ISK MANAGEMENT
NAGEMENT RISK M
ENT RISK MANAGEM
K MANAGEMENT R
AGEMENT RISK MAN
ISK MANAGEMENT
NAGEMENT RISK M
Related documents
Managing Risk for Opportunity
Managing Risk for Opportunity
Full Word texts
Full Word texts
Enterprise Risk Management
Enterprise Risk Management
Azoturia / Tying Up - Fellowes Farm Equine Clinic
Azoturia / Tying Up - Fellowes Farm Equine Clinic
Enterprise Risk Management
Enterprise Risk Management
Quadrants of Risk
Quadrants of Risk
FERM domain proteins
FERM domain proteins
ARITHMETIC SERIES. FORMULAE FOR THE NTH TERM AND
ARITHMETIC SERIES. FORMULAE FOR THE NTH TERM AND
Teacher`s Notes - Inside Out.net
Teacher`s Notes - Inside Out.net
Enterprise Risk Management
Enterprise Risk Management