Enterprise Risk Management (ERM) represents a fundamental shift in the way many firms, especially insurers, do business. Traditionally, various risks of a firm were viewed, assessed and acted upon in isolation, without a framework to measure total risk, let alone interactions between various risks.
Increasingly, this approach has become less acceptable to regulators, investors, analysts, and rating agencies. Indeed, Standard & Poor’s recently announced an effort on their part to strengthen and refine their focus on risk management and add “a formal evaluation of insurer Enterprise Risk Management capabilities to the rating process” (see section below).
What this means is that an insurer with a “diverse portfolio of complex risks” must choose a more sophisticated, more technical and more integrated approach to risk management than those of ten years ago.
Gross Consulting would like to help your company in that transition. We have experience in assisting senior management in these areas using both simulation approaches, such as DFA, and non-simulated approaches. Either of these are customizable to organizations of a wide range of characteristics. We believe that our methods are among some of the more cutting-edge in the industry, and we invite you to contact us for more information.
The successful insurers of tomorrow will employ more than just a risk committee examining various risks in isolation. They will have a culture of risk management, with five key elements:
Firms must develop a statistical framework for measuring risk at its base level, as well as be able to combine such risks for the organization as a whole. They must understand key interactions between risk drivers that may impact several different risk elements (for example, an unexpected drop in interest rates).
Firms must also decide on an enterprise risk measure to which they are going to manage, and be able to monitor progress in that regard on a very regular basis. For example, if “probability of ruin” is the risk measure of choice, the firm should have regularly scheduled internal management reports that show progress as well as individual contributions. Senior managers should take ownership of their risk positions and their contributions to enterprise risk.
Individual decision makers should know how their actions impact the overall risk position of the company. They also need concrete, documented limits (liability limits for an underwriter, exposure to a given credit segment for a bond trader, etc), to help them manage day to day.
With concrete limits in place, and regular reporting on the status of those limits, there should be very little probability of breach, except for outright fraud or incompetence. However, should such a breach occur, the firm will need action plans in place to deal with the individual(s) involved, as well as a forum to decide how to best reverse the offending positions without causing undue financial hardship.
It is critical that a firm be looking to the future in order to address risks that are not even present in its current portfolio(s). To do this, there must first and foremost be a full-time staff devoted to these studies. Second, the firm must have the foresight to capture data elements which, while not required in a legal sense, are helpful in the study of emerging risks.
Risk is not inherently bad. Risk begets return. A firm will do well to be able to assess not only the interactions of risk within its various portfolios, but also the marginal impact of adding the next risk. It is in this way that a firm can truly be strategic in handling risk and ultimately in exploiting risk.