PERSPECTIVES SUMMER 2015
Adopting Enterprise Risk Management (ERM) in High-Growth Insurance Markets
The Trust Re experience
Contents:
1. Preface by the Chief Executive Officer
2. The growing global importance of ERM
3. ERM in high-growth insurance markets
4. The Trust Re example
5. Conclusions
TRUST RE PERSPECTIVES
1. Preface by the Chief Executive Officer
Risk management lies at the core of every (re)insurer’s value proposition. Rooted in and thoroughly familiar with high-growth environments, Trust Re considers itself a forerunner in advancing metric-based risk management as a means to make value-accretive decisions in less mature insurance markets. For us, Enterprise Risk Management (ERM) is about guiding our business in choosing risks wisely to create value and build customer trust. The respective framework is embedded in decision-making throughout the organisation. It is instrumental in steering the Company. In emerging markets ERM is still often perceived as an onerous regulatory burden and a mere compliance requirement. The strategic opportunities and benefits arising from ERM are frequently ignored. This publication is meant to address this deficiency.
Based on our proprietary processes which are aligned with the specific requirements of a high-growth market environment, we would like to make the strategic case for ERM, with a particular emphasis on those elements which do not necessitate major financial investments. As risks become transparent, measurable and manageable, Trust Re’s performance profits from lower volatility and a greater resilience. At the same time, policyholders are set to benefit from more adequate, risk-based pricing and a lower counterparty risk, while rating agencies and regulators feel more comfortable with the Company’s security. We are convinced that our ERM system provides us with a distinct competitive advantage and would like to encourage our customers to also embrace the opportunities of ERM – for their own and the entire market’s benefit. In insurance and reinsurance, we deal with people’s fear and risks; as such we firmly believe that ERM should be a continuous responsibility for generations to come. Trust Re’s application of ERM also demonstrates that a proper implementation of effective ERM is not at all a matter of an insurer’s size or resources. Rather, what counts is the overall mind-set and a firm’s ability to tailor ERM to specific organisational, business and market needs. With strong leadership and endorsement from the Board, and managed by an empowered risk management function, Trust Re has established a comprehensive risk culture which assures awareness of risk and accountability throughout the organisation. All risks Trust Re is facing – be they market, insurance, operational or credit risks – are consistently defined, measured, registered, monitored, reported and mitigated. 
The Company’s risk appetite and control mechanisms, which duly reflect Trust Re’s risk profile and risk tolerance, are regularly reviewed and approved through a tight network of systems and processes, which include the forward looking view of Trust Re’s Own Risk and Solvency Assessment (ORSA), scenario and stress testing as well as internal, regulatory and rating agency capital models. Ultimately, Trust Re’s ERM process enables us to write business which maximises our risk-adjusted profitability. Through this publication we seek to encourage and support our clients and other stakeholders to capture this potential.
Fadi AbuNahl
CEO Trust Re
2. The growing global importance of ERM
What is ERM?
Enterprise Risk Management (ERM) is about holistically and consistently identifying, managing and reporting current and future risks across the enterprise, measuring their financial impact and controlling the performance of corporate and business strategy.
What is behind the rise of ERM?
In the insurance sector, ERM started rising to prominence from the beginning of this century. The confluence of the 9/11 terrorist attacks and the almost simultaneous global stock market downturn caused the bursting of the dotcom bubble, and thus fuelled concerns about cumulating consequences of low probability events. For the first time, many insurers were simultaneously hit on the asset and liability side of their balance sheets. And regulators, also for the first time, started musing about systemic risk in the global insurance and reinsurance sector. It was only logical for them to call for higher capital and risk management requirements in insurance. In addition, also outside of the insurance industry, interest in a proper enterprise risk management was fuelled by the view that almost all risk events impacting corporations could have been predicted, prepared for and subsequently better managed, possibly even avoided.
The collapse of the US Corporation Enron in 2001 stands out as the example for a disaster that triggered heightened demand for an improvement in risk management and its standards.
Towards risk-based and economic regulatory frameworks
In light of the resilient and robust US Risk-Based Capital (RBC) system, introduced as early as 1994, some countries embarked on a risk-orientated approach to insurance regulation, including Canada, Australia, the UK and Switzerland. In 2003, the European Union launched the Solvency II project, following the principles of Basel II with its three-pillar approach to banking regulation. Solvency II is more ambitious than RBC though: It relies on market-consistent valued assets and liabilities, whereas RBC is based on US statutory accounting rules, and thus does not fully reflect the true economic reality of a company’s balance sheet. It is widely believed that solvency regimes based on economic principles and an all-risk approach point the global way forward for insurance and reinsurance regulatory regimes.
Pillar 1 of Solvency II focuses on the calculation of the insurer’s Solvency Capital Requirement (SCR), using a risk-based internal model and/or a standard formula. Pillar 2 is particularly relevant to ERM: It addresses internal control, risk management, governance, compliance and reporting systems. Regulated entities will have to put up appropriate risk management frameworks which need to be transparent, well-documented and embedded in all major business processes. Pillar 3 is about transparency and stipulates specific obligations regarding the level of information for and communication with regulators and market participants. Ultimately, disclosure requirements are expected to enhance market discipline and to promote the protection of policyholders and overall financial stability.
Figure 1: Solvency II as a catalyst for ERM
The three pillars of Solvency II: Capital, governance and disclosure
PILLAR 1: Quantitative requirements
• Capital requirements reflect economic balance sheet view and comprehensive risk consideration
• Solvency capital requirements to absorb a 1 in 200 year event
• Capital can be determined based on a standard formula or an internal model
PILLAR 2: Supervision and risk governance
• Group supervision by a College of Supervisors
• Own Risk and Solvency Assessment (ORSA) covering
  - Risk identification
  - Risk measurement
  - Risk management
  - Risk monitoring
PILLAR 3: Reporting and disclosure
• Improved risk disclosure to the public and confidential disclosure to supervisory authorities
• Disclosure to include risk profile and risk management standards
Source: Adapted from the European Commission © Dr. Schanz, Alms & Company
Rating agencies embrace ERM as a key determinant of rating decisions
In addition to regulators, rating agencies quickly grasped the relevance of ERM. For example, Standard & Poor’s introduced ERM as a critical component of its rating methodology in 2005. Concepts such as ‘risk appetite’, ‘risk tolerance’, ‘diversification’, the evaluation of extreme scenarios and the anticipation of emerging risks now play a major role in rating decisions.
Key risk categories of a modern ERM system
The main risk categories covered by ERM are market risk, insurance risk, credit risk, business strategy risk and operational risk. In order to measure and control them, an appropriate ERM programme will use an internal model based on a holistic approach, the modelling of dependencies and the measurement of diversification effects. Other key elements of a modern ERM framework include an internal control system to manage operational and reserving risks, an emerging risk framework and a reinsurance/retrocession programme to limit corporate risk.
Competitive advantages through ERM
Enterprise Risk Management goes far beyond meeting the expectations of key stakeholders such as regulators and rating agencies. As opposed to traditional risk management, it ultimately confers a distinct competitive advantage to insurers practising it. A company that knows how to manage and measure its risks consistently can choose the risks with the highest risk-adjusted returns. Therefore, ERM is a prerequisite to return optimisation.
ERM needs to be tailored to specific corporate needs
Of course, ERM does not lend itself to a ‘one size fits all’ approach. A global multi-line insurer needs a much more sophisticated ERM programme than a niche player who only operates in one line of business and one country. Also, there is a direct link between risk management and capitalisation. A company that carries significant excess of capital can withstand losses that are outside its risk tolerance, as opposed to a company that runs on a very tight level of capital. The latter will need to make sure that the losses stay within its tolerance. In this way the importance of ERM is linked to the level of capital adequacy or excess capital.
Stakeholder benefits
ERM in combination with economic value-based performance measurement and business planning is likely to provide policyholders with more transparency and improved risk-adjusted prices. Investors, too, are set to benefit, e.g. from enhanced disclosure and ‘better run’ insurance companies embracing economic principles. And even society at large stands to benefit as insurance companies grow more robust and become (even) less likely to default at the expense of taxpayers.
Figure 2: How ERM benefits key stakeholders
Stakeholder group: Expected benefits
Customers:
- More transparency
- More risk-adequate prices
- Lower counterparty risks
Investors:
- Much improved disclosure
- Better run insurance companies
- Less volatile returns
Society at large:
- More robust insurance companies (lower probability of default and threats to financial stability)
3. ERM in high-growth insurance markets
The concept of ERM still faces many obstacles in emerging (insurance) markets and needs to be carefully adapted to local needs and peculiarities. However, there are powerful forces at work which are set to pave the way for ERM in high-growth environments as well.
Figure 3: High-growth market dynamics favour ERM (less abundant capital, improved data quality, stricter governance, more experienced talent, tighter regulations, greater risk awareness)
First, capital: Domestic insurers in emerging markets (e.g. the Middle East) are traditionally comfortably capitalised and, more often than not, overcapitalised. One of the reasons behind excess capital positions is a heavy reliance on reinsurance. However, as awareness of market risk (e.g. stock market volatility) grows and retention levels increase, insurers need to fund rapid business growth.
Second, data: Availability and quality of relevant data is still notoriously deficient in most high-growth markets. However, here as well, things are improving. One example is catastrophe models which increasingly cover emerging market exposures.
Third, talent: Data needs to be processed and models need to be calibrated. Local talent is still in short supply. Experienced expatriate staff is filling the gap, increasingly also in countries such as China.
Fourth, culture: As reliable data is still hard to come by, intuition and experience matter more than anything else in many emerging markets. In such an environment, it is difficult to establish (quantitative) ERM systems.
However, a younger generation of leaders that is adopting a different perspective on analytics is slowly emerging.
Fifth, compliance and governance: Shortcomings still abound as respective legal and regulatory requirements are missing or lack teeth and bite. In addition, linear (rather than matrix) reporting lines are most common in emerging markets, making the business side usually prevail over the risk management function. However, the accelerating integration of emerging markets in the global economy is gradually translating into more robust governance and compliance frameworks.
Sixth, regulations: The adoption of RBC-type regimes in emerging insurance markets is in full swing, such as in China, Thailand and Mexico. Regulators increasingly look at Solvency II as the ultimate role model and consider RBC a logical (but intermediate) step between current static (premium-based) solvency regimes and the fully risk-based and economic framework of Solvency II. Therefore, longer-term, ERM is set to receive a powerful boost from regulatory requirements modeled along the Pillar II requirements of Solvency II.
4. Implementing ERM in high-growth insurance markets – The Trust Re example
For Trust Re, the main objectives of ERM can be defined as measuring, understanding and controlling risk as a prerequisite to identifying profitable business opportunities. As such, it is the basis of a comprehensive risk-based decision-making process which affects all aspects of the value chain, such as underwriting risks whose performance is measured through RAROC (Risk-Adjusted Return on Capital). Ultimately, ERM allows Trust Re to adopt a pragmatic and balanced approach to risk as illustrated by Figure 4.
Figure 4: A pragmatic and balanced approach to risk (chart of return/value, from low to high, against approach to risk, from ignorant, “Brakes off - out of control”, through managing, to obsessed, “Brakes on - going nowhere”). Source: Trust Re
The Company believes in strong risk governance, with every employee being risk-aware, as described in more detail in 4.1. For this reason, Trust Re attaches utmost importance to very clear statements of risk appetite and corresponding measures of risk tolerance, based on an economic capital framework and risk-adjusted measures designed to manage the business. The first step to implementing the Company’s ERM framework was the thorough identification of risk drivers. It was accelerated by the use of vendor models and a consistent linkage of all key business processes to a risk-based capital model.
The following section provides an overview of Trust Re’s ERM framework and its evolvement. It sheds light on the Company’s risk management culture, risk control processes, risk and economic capital models and strategic risk management.
4.1. Risk management culture
At Trust Re, we expect every employee to think about the risks for the Company that may arise from his or her actions, be it in operations, pricing, reserving, underwriting or investing. The concept of risk should be universally conveyed and embraced across the firm. At Trust Re, the Risk Register Review process and the Risk Management Liaison Structure are instrumental in embedding an effective risk management culture across the organisation (see the ‘risk control’ section below for further details).
A crucial tool for achieving these objectives is an appropriate governance structure with a separate risk management function. The overall oversight of the risk management activities is performed by the Board of Directors.
The Board needs to approve and regularly review the Company’s strategic management of risk and capital. In addition, it ratifies risk definitions, risk profiles (i.e. broad parameters such as the Company’s lines of business and geographical markets) and risk appetite (i.e. the level of uncertainty which Trust Re is willing to accept in light of the risk reward trade-off and risk mitigation costs). The body is also responsible for ensuring that the implemented risk management framework is suitable, effective and proportionate to the nature, scale and complexity of the risks inherent in the business.
Figure 5: Trust Re Organisational chart (Trust Re Bahrain Organisational Chart 2015). Executive Council: CEO, Deputy CEO, Planning & Business Development Officer, Corporate Services Officer, Chief Operating Officer.
The Board of Directors has a Risk Committee. Its meetings are attended and prepared by Trust Re’s Head of Actuarial and Risk Management who has a reporting line to the Committee and, as a recurring agenda item, prepares a one-page report on the risk landscape of the Company, in addition to more in-depth special reports.
These reports outline required management responses and, therefore, have a clear link to decision-making. This organisational approach ensures that risk communication plays a vital role as part of risk governance. There is an institutionalised flow of communication between Trust Re’s Head of Risk Management, Executive Management and the Board which is ultimately responsible for determining the Company’s risk appetite and supervising its risk management processes. Especially in the context of high-growth insurance markets, it is absolutely crucial that risk oversight and P&L responsibilities are strictly separated. The Board’s risk appetite statement is designed to create long-term shareholder value whilst protecting Trust Re’s franchise value and preserving its balance sheet strength measured by economic capital and liquidity. This is achieved through prudent risk management by actively mitigating or avoiding risks that fall short of Trust Re’s risk/return requirements. Additionally the Board will not tolerate any business or behaviour that does not reconcile with the Group’s values. The risk appetite statement provides management with a comprehensive starting point and building block for Trust Re’s overall approach to risk management. Its intention is to help express the maximum level of risk Trust Re is prepared to accept in order to deliver its business objectives as articulated in the business plan. In addition, the risk appetite statement guides specific management actions: “For the purposes of risk appetite the indicated statements and Board level tolerances provide the risk limit (i.e. absolute maximum level of exposure that is acceptable for a particular risk) which has then been broken down into various thresholds (a level of exposure which, with appropriate approvals, can be exceeded, but which, when exceeded, will trigger some form of response) that are monitored by the Risk Control Reports. 
The policy will provide a summary of the limits and thresholds given the approved Risk Appetite Risk Areas.” (quoted from Trust Re’s most recent Risk Management Policy). Exposures against the risk limits are monitored on an ongoing basis; breaches are escalated and appropriate actions are taken to reduce risk levels or re-evaluate the appropriateness of risk appetite limits.
Figure 6: Risk appetite monitoring at Trust Re
- Strategic Plan
- Establish risk appetite and tolerance
- Establish appropriate risk limits
- Measure exposures and compare to limits
- Report and react to breaches, take appropriate action and re-evaluate risk appetite
Trust Re places much emphasis on employee communication in order to foster an internal risk management culture. Examples include staff training and awareness campaigns conducted by the Risk Management Department as well as a regular ERM newsletter.
4.2. Risk identification and control processes
Trust Re has to be able to identify and measure all of its main risks. The balance sheet does not give any meaningful information about risk; it is just a measure of exposure. Every well-run insurer and reinsurer needs to be able to monitor risk and to keep loss potentials within the company’s risk tolerance. For that purpose, risk owners need to be defined and risk control measures established. The basis is environmental scanning in order to detect signals of any potential upcoming risk. This effort also includes emerging and political risks which are identified separately, assessed and reported. Also, specific stress tests and scenarios are being examined as part of the ORSA process and political risk is a special and separate subject at each Board Risk Committee meeting.
Digression: Stress testing and scenario generation at Trust Re
Stress testing refers to shifting the value of individual parameters that affect the financial position of an organisation and determining the effect on the business (for example, a doubling of staff turnover in a key, high dependence business function). Stress and scenario tests enable the Company to gain a better understanding of the significant risks it can potentially face under extreme conditions and provide important input to determine the related regulatory and economic capital requirements.
Scenario testing applies to a wider range of parameters that vary at the same time. This analysis often examines the impact of catastrophic events on the Company’s financial position and/or operational position (for example, a terrorist attack near the Company’s office), but could also include changes to business plans, shock changes in business cycles and reputational damage from, for example, large scale fraudulent financial reporting or fraud.
Stress and scenario testing is important as it helps to evaluate the financial and non-financial impact of extreme, unexpected but plausible, large loss events, to determine the overall risk profile and to set the risk appetite of the Company, given the capacity to bear or risk to be taken on. The outcomes of stress tests and scenario analyses are taken into account by the senior management and Board of Directors when developing the Company’s long- and short-term business strategy, capital management plan and risk tolerance. This course of action includes the exploration of alternatives in order to ensure that solvency needs are met even under unexpectedly adverse circumstances.
Figure 7: Scenario generation at Trust Re
- Identify concerns: Select the concerns that could lead to large losses and/or reputational damage
- Identify potential events: Given the key concerns, what event would result in a serious financial and/or reputational impact?
- Scenario generation: Could different concerns lead to loss events with greater financial cost and other, e.g. reputational impacts?
- Potential severe financial and non financial impacts
As far as political risk is concerned, Trust Re performs an assessment for each region of strategic relevance to the Company, i.e. the Middle East, Sub-Saharan Africa, Asia, Eastern Europe and the CIS Countries. The assessment is made on the basis of a weighted index of the following factors: Regime stability, risk of expropriation, rule of law, business environment, corruption, macroeconomic environment, conflict and terrorism. The analysis aims to establish the implications of political and terrorism risk on Trust Re employees, physical assets, products, services, customers and reputation (Trust Re is in the process of developing comprehensive risk management practices specifically for reputational risk).
Trust Re also places significant emphasis on emerging risks. As a multi-line, multi-location reinsurer, the Company is exposed to such risks which often go unnoticed for a long time. These can be internal risks, i.e. those which arise from sources within the Company and can be associated with its mission, philosophy, strategy, products, portfolios and operations. In addition, there are external risks from the political, economic, social, technological, legal or physical environments the Company operates in. Trust Re is also systematically monitoring external loss events, i.e. losses experienced by third-party organisations. External loss data can help the Company understand the types of potential losses it could face in the future.
But Trust Re does not stop at the identification of risks. Once a risk is identified, the Company tries to establish its probable impact on the balance sheet and liquidity position should the risk materialise, also under stress scenarios. Against this backdrop, control processes covering all of Trust Re’s risks have been established: Financial risks such as credit and market risk, insurance risk and operational risk. Importantly, risk is not only considered a numerical concept but extends to everything the Company actually does.
The Risk Register Review (RRR) process is one of the key elements of Trust Re’s risk identification and assessment processes. This process has recently been enhanced with the introduction of named responsibility and ownership of risks. It is structured as follows:
· The Risk Owners for each of the Company’s 22 business units conduct regular reviews of their departmental risks and draft an initial list of the identified risks in the Risk Definition Template. These risks are then discussed with Trust Re’s Actuarial & Risk Management Department (A&R) for their review and comments.
· The Risk Owners, advised by A&R, describe their control measures for each of the risks identified. The discussions also focus on proposed/enacted improvement actions for each risk listed in the department’s Risk Definition Templates.
· A&R will regularly (at least quarterly) survey/review the risks identified by the risk owners for each business unit using risk registers to keep track of each risk’s state.
· Regular risk assessments are carried out by A&R taking multiple factors into account, including both external and internal risk factors. Risks are also challenged based on their overall score and impact on the Company as a whole.
The RRR process also identifies operational risks and leads to respective capital requirements and tolerance limits.
At Trust Re, the RRR process is part of the Risk Management Liaison (RML) programme.
The RML structure consists of the Risk Owner, Risk Management Liaisons (RML) and Key Risk Indicator (KRI) Reporters for each of the 22 business units of the Company. The risk owner is responsible for identifying relevant risks and providing updated information via the Risk Reports (e.g. Risk Registers). The Risk Management Liaisons are in charge of assisting the Risk Owners in identifying the relevant risks. They are also responsible for updating the Risk Register for review by the Head of Department. In addition, they prepare any additional risk reports for review. The RML also assist in the “roll out” of current and future ERM initiatives and projects. The Key Risk Indicator Reporter assists the RML in the risk identification process, updating the Risk Register for senior management review and completing the risk reports. The RML programme is instrumental in ensuring Trust Re’s preparedness for the next unexpected risk, something that does not yet exist on the balance sheet, but may materialise at any time. The spectrum is broad, ranging from liability risks in litigious environments to terrorism and political risk. 
Figure 8: Trust Re’s Risk Register process (diagram of the Risk Register Review between the Risk Owners of the business units in Operations and the Actuarial and Risk Department)
Figure 9: Trust Re’s Risk Management Liaison Programme (diagram of the early warning and identification process linking the business units in Operations, the Risk Owner, the Risk Management Liaison, the Key Risk Indicator Reporter and the Risk Register)
One of the key components of Trust Re’s risk control environment is the ‘Own Risk and Solvency Assessment’ (ORSA). The Company’s strong proprietary analytical skills allow Trust Re to perform an ORSA, a core element of future regulatory environments, not just under the upcoming Solvency II regime in the European Union but also in the United States and other parts of the world. Under the ORSA, Trust Re develops its own view of today’s and future risks facing the Company and the capital required to underpin those risks. For Trust Re, the ORSA is not a document prepared for regulatory compliance only. More importantly, it is a key reporting element underlying the Company’s internal decision-making processes, establishing a link between risk management, capital management and strategic planning.
Simply speaking, ORSA describes how risk is quantified and managed under stressed conditions. In addition, Trust Re uses it to provide management and the Board with prospective solvency assessments which feed into medium-term business planning and longer-term strategy development. As such, it is an indispensable basis for the Board of Directors to take decisions on the Company’s future strategic direction and to be actively involved in all relevant underlying processes.
More specifically, at Trust Re, the ORSA report consists of three modules: The first module offers an overview of the Company’s business, organisational and market position with the aim to clarify the nature of risks it is exposed to. This section also describes the risk identification and assessment process and discusses the risk appetite over the planning horizon. The second part offers a forward-looking assessment of Trust Re’s solvency position based on the status quo and its business plan for the next three years. Scenario building and stress testing are also included so that the management is able to assess the potential impact of adverse events on the Company’s solvency position and prepare appropriate responses. The third part of the ORSA report tries to validate the processes and tools which are used to assess Trust Re’s ability to react to adverse events. This validation is based on an assessment of ORSA governance and embedded into the organisation.
Figure 10: Trust Re’s ORSA process
[Diagram. ORSA: present and future risk assessment. Module 1: describe risk landscape; identify and assess risk; define risk appetite. Module 2: assess future solvency position; execute scenario building and stress testing. Module 3: validate processes and tools; assess ability to react to adverse events. Risk categories: underwriting risk, investment risk, counter-party credit risk, operational risk, market risk. Other labels: strategic planning, risk capital, performance, cost of capital, return, solvency, risk management, capital management.]

The ORSA process encompasses all relevant risk categories such as underwriting risk (premium, reserving, catastrophe, scenario-based accumulations), investment risk (credit risk, liquidity risk, volatility), counterparty credit risk (retrocessionnaires, banks) and operational risk. As such, it is an important basis for determining Trust Re’s risk strategy and appetite. The latter is also driven by S&P’s and AM Best’s AAA capital adequacy requirement on a 99.5% level.

Conceptually and organisationally, Trust Re’s risk control process is secured by three main lines of defence:

· The 1st line of defence relates to the management of risks at the points where they arise. These activities are carried out by persons who take on risks on behalf of the Company. Risk management at this level consists of appropriate checks and controls, incorporated in the relevant procedures and the guidelines that are set by the Executive Council with the assistance of the risk management function (RMF).
· The 2nd line of defence consists of the risk management activities that are carried out by the RMF and important support functions. Specifically, the RMF is responsible for the continuous monitoring and compliance of its policies and procedures. It also refers to the risk management activities performed by the Risk Committee and includes the approval and oversight of the implementation of risk policies and the establishment of systems and controls so that the overall level of risks and the relationship between risk and reward remain within acceptable levels.
· The actuarial function, in its advisory capacity, provides technical expertise to both the 1st and 2nd line of defence.
· The 3rd line of defence consists of the activities of Internal Audit, which through its work provides independent assurance to the Board of Directors on the performance and effectiveness of Trust Re’s risk management systems and processes. The unit conducts regular internal audits of the procedures applied for managing all types of risks and their effectiveness; the results of these audits are summarised in reports submitted to the Board, through the Audit Committee, and to the Senior Management.

Figure 11: Trust Re’s three lines of defence framework
[Diagram. Labels: Trust Re Board of Directors; CEO; Line 1: Management; Line 2: Control; Line 3: Assurance; Board Committees (Risk Committee, Audit Committee, Nomination and Remuneration Committee); Executive Management (EXCO); Functions / Business Units: Underwriting, Claims, Finance, Legal, Actuarial & Risk, Compliance, Operational Quality Assurance, Internal Audit, Other Support Functions (HR, IT, etc.).]

4.3. Risk and economic capital models

In the context of ERM, a variety of models is used, ranging from catastrophe and reserving models to economic capital models. Most importantly, companies need to have a clear view on why they are using which models, who manages them, which results are produced and how they benefit operations. Trust Re’s risk evaluation usually follows the risk identification phase of the ERM cycle and involves a wide range of methodologies and approaches.
The Actuarial & Risk Management Department is taking the lead in risk evaluation, examining the potential impact and likelihood of occurrence of risk outcomes. In addition to risk assessment through the Risk Register Review process as described above, various risk evaluation and quantification tools – all of them risk-based – have been developed, including:

· Scenario and Stress Tests
· Internal Risk Capital Models
· Regulatory (Solvency II) and Rating Agency (AM Best and S&P) Capital Models and
· Financial and Investment Models

Trust Re’s risk evaluation includes the quantification of both individual and aggregate risk positions using various risk metrics and methodologies which recognise both current and potential internal activities and risk positions as well as the external economic and market environment as far as possible. In order to keep metrics and methodologies current, Trust Re performs this evaluation process quite frequently, and at least quarterly.

Very importantly, Trust Re considers sophisticated risk evaluation tools as pivotal in business steering and facilitation. For example, the Company’s internal economic capital model enables it to take better capital allocation, pricing, product development and retrocession purchasing decisions. Its most obvious use is the definition of Trust Re’s overall risk tolerance, including value at risk (VaR), tail value at risk (TVaR), probable maximum loss (PML) and resulting risk limits. The economic capital model must take into account the whole spectrum of risks facing the Company, allowing for the quantification of diversification effects and dependencies.

In Trust Re’s view, the setting of corporate risk tolerance is a process which starts with a statement of risk appetite such as “We want to maintain a single A financial strength rating” or “We want to have a certain excess of capital compared to our economic capital and/or rating agency or Solvency II measures”.
This qualitative definition of risk appetite is then translated into a quantitative statement of risk appetite, known as risk tolerance which, in turn, is the basis of a company’s risk limits.

4.4. Strategic risk management

Strategic risk management is arguably the most relevant benefit of ERM. It comes with a company’s ability to measure all risks with a unique and consistent measure, establish a risk-adjusted measure of profitability, and then to benchmark every action or every risk against this measure of profitability or measure of risk. Ultimately, based on its economic capital model, the company can choose, for a given level of risk, the most profitable business or the risk implications for its target level of profitability.

In order to ensure an appropriate risk-reward balance in all of its risk-taking activities, Trust Re has established a robust Enterprise Risk Management (ERM) framework which is embedded throughout the business. This framework covers various areas including the risk management structure, risk governance, risk identification, risk-based capital requirements and risk controls capabilities within the Company’s risk appetite. Trust Re’s ERM framework is also a key component of its decision-making processes. Strategic planning, pricing, asset allocation, reinsurance strategy and capital budgeting for instance all have to undergo a thorough risk-reward analysis to determine their impact on the Company’s risk-adjusted return.

4.5. Guiding principles

Trust Re’s ERM framework is based on the following principles:

1. Controlled risk-taking
A wise and prudent approach to choosing risks which create value and build customers’ trust is central to Trust Re’s value proposition. As such, the Company has implemented a clearly defined risk control framework which ensures adherence to its risk appetite and risk tolerance limits.

2. Effective strategic risk management
The consistent execution of a rigorous risk-reward analysis is an integral part of Trust Re’s decision-making process. The Company’s risk function is therefore mandated by the Board of Directors to ensure the effective integration of risk models into the organisation’s strategic and day-to-day decision-making processes.

3. Clear accountability and responsibility
Trust Re operates on the basis of delegated and clearly defined authority levels. All individuals are accountable for the risks they identify and/or assume. These are aligned with the Company’s overarching objectives and embedded in the risk management process.

4. Protection of the balance sheet from shock events
The risk management function monitors the Company’s risk-taking activities, including new and emerging risks. The risk evaluation process also includes the understanding and analysis of the financial impact and business implications of infrequent large events.

5. Independent risk-based audit
An independent risk-based internal audit is performed at all levels and across all operational functions of the Company. It covers all risks and internal controls identified in the Risk Register process as well as additional testing so as to ensure the adequacy of internal controls.

An important aspect of Trust Re’s strategic risk management is risk mitigation through reinsurance and other means. The Company’s risk mitigation strategy is very closely aligned with its risk appetite, risk tolerance and risk limits. Furthermore, it involves the identification, quantification and implementation of specific processes, strategies and/or solutions to eliminate, reduce or transfer risk. Examples of risk mitigation strategies include reinsurance, hedging, loss control measures, changes in governance or control processes, adjustments in the portfolio mix, distribution strategies, targeting or exiting specific markets and product lines or reducing coverage.
Figure 12: Trust Re’s integrated risk management framework
[Diagram. A cycle around a “Risk Core” with four phases: Identification (insurance risk, operational risk, strategic risk, market risk); Evaluation (exposure analysis, ORSA, capital modeling, risk/reward); Strategy (risk appetite, risk limits, risk mitigation, business plan); Monitoring (results, performance results).]

Figure 12 illustrates Trust Re’s overall approach to risk management. The risk management cycle starts with the identification of the Company’s core risks in insurance, operations, strategy execution and the financial markets. Upon identification, these risks are evaluated by means of exposure and risk/reward analysis, capital modelling and the ORSA process. The findings from the evaluation phase translate into strategic decisions such as the definition of the risk appetite and risk limits, the adoption and optimisation of risk mitigation, investment and underwriting strategies as well as the development of medium-term business plans and long-term strategic maps. The final phase is dedicated to monitoring the results of identified, evaluated and strategised risk.

The Risk Management Department leads this process and all other corporate units are obliged to cooperate with it. For example, the Department’s catastrophe limits are binding. Similarly, pricing needs to be based on actuarial models, with deviations clearly defined. Risk management is also in charge of reserving. Any developments are reported back to the underwriting units. Risk-adjusted performance measurement is a further key role of Trust Re’s risk management function. It is based on capital allocation as determined by the Company’s economic capital model.

5. Conclusions

ERM is rapidly gaining relevance in high-growth insurance markets.
Insurers’ retention levels are increasing, the availability and quality of relevant data are improving, a new generation of leaders is understanding the value of analytics, expatriate talent effectively fills the gap created by the shortage of local expertise, the integration of emerging markets is translating into more robust governance and compliance frameworks, and an increasing number of markets are adopting risk-based solvency regimes.

Against the backdrop of these dynamics, Trust Re considers itself a forerunner in advancing metric-based risk management as a means for choosing risks wisely to create shareholder value and build customer trust. In order to be effective, the respective framework must be embedded in decision-making throughout the organisation, making it an instrumental tool for steering the Company. Only then can ERM help reduce the volatility and strengthen the resilience of corporate earnings.

This publication demonstrates that the strategic case for and the proper implementation of ERM do not depend on ‘deep corporate pockets’. What counts most is the overall mind-set as epitomised by the risk management culture and a firm’s ability to tailor ERM to specific organisational, business and market needs. With strong leadership and endorsement from the Board and managed by an empowered risk management function, any aspiring emerging markets insurer can reap the benefits of ERM. On this foundation, lean risk control and identification processes (such as a Risk Register Review), risk capital models (leveraging the rating agencies’ approach, for example) and strategic risk management frameworks can be established.

In today’s competitive environment, ERM is very likely to develop into a prerequisite for long-term success, based on the ability to maximise risk-adjusted profitability.
This is particularly true for domestic insurers operating in high-growth markets as they face challenges such as risk-based solvency requirements, spiralling levels of exposure, a lack of reliable data and increased pressure from foreign competitors.

Therefore, Trust Re pursues a proactive approach to ERM. It is a prerequisite for steering the Company by transparent criteria and, ultimately, building a competitive edge. As such, it is characterised by a regular and systematic involvement of the Board of Directors. This involvement is vital for harnessing ERM in order to balance the generation of growth and profitability on the one hand and the detection and mitigation of risks, and those of an emerging nature in particular, on the other. For both areas, the corporate sponsors of ERM need to provide evidence as to their added value and communicate it effectively to all relevant internal and external stakeholders.

Copyright © 2015 Trust Re. All rights including the Author’s rights are reserved to Trust Re.
Title: Adopting Enterprise Risk Management (ERM) in High-Growth Insurance Markets: The Trust Re experience
Author: Marios Argyrou, Head of Actuarial and Risk Management Department, Trust Re, in conjunction with Dr. Schanz, Alms & Company AG
www.trustre.com